9

I've got a weird bug and wondered if anyone else can think of a cause.

Scenario: -

  • User tries to access restricted content, gets a turn away page with 403 status code
  • User logs in
  • User tries to access content again but should be allowed, browser returns cached turn away page and 403 response (no hit registered on server).
  • CTRL+F5 or wait a while, browser returns correct content.

This is happening in Firefox and Chrome, I haven't tried Internet Exploder.

I have only reproduced the issue once on my machine whilst on a Skype call with the testers, they can reproduce it every time. They are based over in India though and have a much slower connection to our test site. Could that be a cause?

I saw a related question but that was caused by Squid proxy, i'm not behind a proxy (although testers might be).

I'm loathe to add cache control headers as browsers shouldn't cache a 403 according to the HTTP spec but I need to guarantee with that when a user logs in they get the correct content.

Any thoughts on what might be the cause would be greatly appreciated. In the meantime I'll add some cache control headers to the turn away page just to see if that helps.

James
  • 1,541
  • 12
  • 25
  • Pages generated with GET request can get cached at the client or intervening proxies. Try appending a random number to the URL parameter, so that browser does not think it is an old response. – Bimalesh Jha Aug 01 '13 at 11:11
  • Thanks for the response Bimalesh, I have quite a good understanding of HTTP caching. If you follow my link you can see that it shouldn't be cached. Also I don't want to append a random number to the end of the URL as that would require a redirect first. I just want to return content without a redirect. – James Aug 01 '13 at 11:19
  • Have you isolated which entity is caching the response? Browser or proxies in between. May be you could use a packet capture and check. If browser is caching you should check with open bugs against FF/Chrome. In either case if you must work around this issue, then you will have to defeat caching by url manipulation or HTTP headers. Sorry, if this is not being useful. – Bimalesh Jha Aug 01 '13 at 11:34
  • As the question states, it must be the browser as I don't have a proxy in place. Very weird, thanks for your suggestions though. – James Aug 01 '13 at 11:56

0 Answers0