First of all: this is just a sample. It is not a question of whether this is a valid authentication method.
Basically, I get weird behavior that depends on the browser used. Everything works as expected in Firefox, but in IE the actions of the controller still work even when authorization fails.
I have an ASP.NET MVC test site where the SecureController class inherits from the standard Controller class with the following relevant code:
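    using System;
    using System.Web.Mvc;
    using System.Web.Security;

    [AuthorizeByToken]
    public class SecureController : Controller
    {
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null) throw new ArgumentNullException("filterContext null");
            if (filterContext.HttpContext == null) throw new ArgumentNullException("httpContext null");
            // No token in the request: return without issuing a cookie or calling the base method.
            if (filterContext.HttpContext.Request["TestToken"] == null) return;
            // Token present: issue a persistent forms-authentication cookie (csmSession is not shown in the post).
            FormsAuthentication.SetAuthCookie(csmSession.CSMUser.userName, true);
            base.OnAuthorization(filterContext);
        }
    }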
Also, the AuthorizeByTokenAttribute attribute is based on AuthorizeAttribute, for example:
    public class AuthorizeByTokenAttribute : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            filterContext.Result = new RedirectResult("/");
            filterContext.ActionDescriptor = null;
            // The base implementation assigns an HttpUnauthorizedResult to filterContext.Result.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
, , , http://testsite/TestSecureController/Index, Firefox. , . IE , , TestSecureController Index().
- , - ?