4

I am experiencing the funny phenomenon, that internet explorer converts a post login request to a get request, thus losing the credentials and redirecting to the login page without authenticating.

The functionality is correct for other browsers. I have successfully tested it with firefox, chrome, vivaldi and safari.

The loginAction method as done per this documentation: https://gist.github.com/rawroland/9929df558e66ed104c186fd309755069

The twig code for the login page: https://gist.github.com/rawroland/c53af4378dbe1547f862683b55d3bc21

The generated html code of the login page: https://gist.github.com/rawroland/f3cfdfc74a728dc648189e3931d8f827

All requests All requests Post and get requests Post and get Second post Second post

Awemo
  • 875
  • 1
  • 12
  • 25
  • Where you see it ? Screenshots are not clear – Goku Aug 03 '16 at 07:46
  • I have edited the question with a label for the screenshots. The double requests can be found in **Post and get requests** – Awemo Aug 03 '16 at 08:33
  • Please add the associated HTML. Also, is that done through JS ? – rolebi Aug 08 '16 at 08:38
  • @rolebi I updated the question with gists to the login page code. No, it is not done through JS. – Awemo Aug 08 '16 at 10:18
  • 2
    I don't think that the request is converted by IE itself, the POST request was sent successfully (200) and the response was 302 (redirect) so your problem should be in login action, maybe some error doesn't displayed correctly. – yceruto Aug 08 '16 at 14:35
  • Here is an answer (can not flag bounty post as duplicate): http://stackoverflow.com/questions/7096343/post-method-getting-converted-to-get-in-ie-9 – Jehy Aug 08 '16 at 19:22
  • @Jehy I tried that to no avail. – Awemo Aug 09 '16 at 07:30
  • @Yonel What surprises me is the fact that the redirect does not cause a problem with other browsers, only with internet explorer. I do not want to exclude an application error, but problems with internet explorer are the best bet currently. – Awemo Aug 09 '16 at 07:32
  • I don't see any GET request in your screenshots. Anyway provinding "The twig code" and the generated HTML without the logic that is doing everything work is very hard to say anything of value – Martin Fasani Aug 10 '16 at 09:10
  • @MartinFasani The screen shot Post and get requests shows the two requests. I also added the login action, which simply displays the login form without processing the requests. This is done by the security component, per this documentation: http://symfony.com/doc/current/security/form_login_setup.html. – Awemo Aug 11 '16 at 06:12
  • Could you please enable symfony's webprofiler to see what is happening on server side? – atn Aug 14 '16 at 17:11
  • One possible explanation is that the session cookie sent by the login page is not accepted by the browser. So the POST is done, after that server sets a cookie and redirects, but when loading the redirect page the browser fails to send back the session cookie (thus confirming that it is authenticated) – Tudor Ilisoi Aug 15 '16 at 06:32
  • Thank you all for your help, I discovered and fixed the problem. – Awemo Sep 06 '16 at 07:42

1 Answers1

0

I finally discovered and fixed the problem with the aid of a colleague. It was a pretty innocuous problem with the server time on our test system, which was behind by 2 hours. This caused the cookies to be set in internet explorer with an expiration time in the past, causing the the login to always fail. The surprising problem was that the cookie expiration was only off in Internet explorer, with every other browser having a correct expiration date.

I repaired the problem by synchronizing our server time with the European Network time servers: Synchronizing server times with NTP

Awemo
  • 875
  • 1
  • 12
  • 25