0

I'm working on a site to manage my company's users. Basically it allows login, registration, changing data, etc. I'm doing this site because we want to have the customers of every product unified. If I've registered for some product, then I can log in to some other.

All redirects from some product site to the users site (or from the users site to the product site) are made by POST, because if there is a user logged in the ticket is too long to use GET. This is causing a 302 result with the URL of the users site that is used for access from other systems (with all needed parameters) and afterwards a 200 with the right page of the users site.

Let's say I try to enter some page that needs authentication; I'll get these results:

So in Chrome or Safari, when I hit the back button from the login page I'll be redirected to somePageWhichNeedsAuthentication. But from IE or Firefox it redirects to the Access page or to somePageWhichNeedsAuthenticatedUser, I don't really know, but either of those pages will redirect back to the Login page, so unless I hit the button twice quickly it won't work.

How can I fix this issue?

Update

Doing some other tests I found this other case: I try to log in (not to access some page which needs authentication), so here are the results:

Chrome and Safari again are perfect. Firefox is redirecting to http://www.myDomain.com/Login. And finally IE fails as soon as you click the "Login" link because it doesn't allow responses of status 302 with content. So I must force the response of http://www.myDomain.com/Login with 200, which keeps Firefox doing the same thing (also the same for IE).

Update 2

Here is a Firefox log. There are some requests before the example one because of some other tabs that were open. I've done the second example. The product domain is http://localhost/MktWeb and the users domain is http://usuarios2.nosis.com.ar. http://www.yourfilelink.com/get.php?fid=719269

Diego

1 Answer

2

Firefox does not allow going back to a 3xx response via history. So if you see that happening, then whatever your site is actually doing doesn't match your description above.

Boris Zbarsky
  • You were right, it was redirecting to the 401. I've just corrected my question. – Diego Oct 18 '11 at 14:31
  • I've just updated my question. It actually does go back to 3xx (I think it is only when they have content). – Diego Oct 18 '11 at 15:25
  • I have no idea, based on your updated description, of which responses you're actually sending and where... Do a log following the directions at https://developer.mozilla.org/en/HTTP_Logging and link to it? – Boris Zbarsky Oct 18 '11 at 17:12
  • I've just uploaded the file and added the link to my question with a little explanation. Your help is really appreciated!! – Diego Oct 19 '11 at 16:41
  • @Diego OK, so in that log I see the POST request and the server responds with a 302 to "/es/Login", correct? That makes the browser load http://usuarios2.nosis.com.ar/es/Login, as expected.... – Boris Zbarsky Oct 19 '11 at 17:38
  • Yes, that's correct. Then, when I was in http://usuarios2.nosis.com.ar/es/Login I clicked the back button and the URL changed (for less than a second) to http://localhost/Mktweb/cuenta/iniciarsesion and then I was redirected back to http://usuarios2.nosis.com.ar/es/Login. – Diego Oct 19 '11 at 18:29
  • The iniciarsesion URI responds with a 200, not with a 3xx code as far as I can tell from that log. So any redirects it does are done via meta refresh or JS. If I might ask, what Firefox version is this and what log level did you use? That log is missing a bunch of information that I expected to be there... – Boris Zbarsky Oct 20 '11 at 16:06
  • Yes, now it is returning a 200 because I had to change it because of the IE issues mentioned in the question. But before it was returning a 302 and the result was the same. If you want I can make the log with that URI returning a 302, there's no problem. The Firefox is 7.0.1 and the log level I think is 3, as it says here: https://developer.mozilla.org/en/HTTP_Logging#Excluding_specific_portions_of_HTTP_activity. I can generate it again, just tell me which number I should use. – Diego Oct 20 '11 at 16:26
  • @Diego Can you generate a log with the 302, with NSPR_LOG_MODULES=nsHttp without all the other modules, and at log level 5? – Boris Zbarsky Oct 20 '11 at 18:16
  • Ok. I've already left the office, will do it tomorrow. Thanks a lot for your help and patience so far! – Diego Oct 20 '11 at 18:24
  • I've just done what you asked for yesterday. Here is the link: http://www.yourfilelink.com/get.php?fid=719624. I tried to delete all the log of the other tabs before starting but, of course, I couldn't save the file because it was being used by another process – Diego Oct 21 '11 at 11:37
  • OK. So now I see a GET to localhost, which gets a 200 response. Then a POST to `usuarios2.nosis.com.ar` which responds with a 302 to `/es/Login`. Then the GET for that, which returns a 200. Then a POST to `usuarios2.nosis.com.ar` which returns a 200. Then a GET to localhost `iniciarsesion`, returning a 302 without a Location header(!).... Hard to tell which of these are related to your steps, though. So could you summarize what steps you actually performed in that log and which should correspond to which URI? – Boris Zbarsky Oct 25 '11 at 05:25
  • 1) I entered localhost/introduccion. 2) Clicked a link to localhost/iniciarsesion. This returns a 200 and renders a form that makes a POST to usuarios2.nosis.com.ar/acceso. This page redirects to usuarios2.nosis.com.ar/login which returns a 200. 3) Then I just clicked the back button wishing to be taken to localhost/introduccion but instead I was taken to localhost/iniciarsesion, which printed the form and started all the redirects once again. – Diego Oct 25 '11 at 12:54
  • Hmm. So localhost/iniciarsesion does not return a 200. It returns a 302 with no Location header, as far as I can see. But that should be ok.... Does iniciarsesion do a POST from script automatically when it's loaded? Because given your description above I would expect a history back from usuarios2.nosis.com.ar/login to go back precisely to localhost/iniciarsesion, not to localhost/introduccion. – Boris Zbarsky Oct 26 '11 at 22:09
  • Yes, exactly. localhost/iniciarsesion is supposed to return a 302 with a form that posts itself through JavaScript. This is the way I made the log; however, I need (because of the stupid IE rule that doesn't support 3xx with content) localhost/iniciarsesion to return a 200. – Diego Oct 27 '11 at 11:24
  • In that case the observed behavior sounds correct; being a 302 doesn't prevent a response from being in the session history unless it's actually a redirect (which this one is not, since it's missing a Location). – Boris Zbarsky Oct 27 '11 at 17:57
  • So, there is absolutely no way I can make Firefox redirect to localhost/introduccion when the back button is clicked, right? – Diego Oct 28 '11 at 12:03
  • Not if there is a POST in the middle, I don't think... If you can turn that request in the middle into a GET, then obviously that would work. – Boris Zbarsky Oct 28 '11 at 14:25
  • I would but sometimes it might be too long and (again) IE has problems with that.. Thanks A LOT for your help! – Diego Oct 28 '11 at 14:49
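
The conclusion of the comment thread above, as an added example that is not code from either participant or from any browser: a simplified model in which only a 3xx response carrying a Location header is followed as a redirect, while a 302 without Location stays in session history. The function names, the `autoPosts` flag and the sample traffic are constructed from the steps described in the comments; the Location values are written as absolute URLs for simplicity.

```javascript
// Simplified model of what the comments describe (added example, not browser code).
// A response is a real redirect only with a 3xx status AND a Location header.
function isRedirect(res) {
  return res.status >= 300 && res.status < 400 && Boolean(res.location);
}

// Session history entries produced by a list of navigations.
// Real redirects are followed and leave no entry of their own.
function sessionHistory(navigations, responses) {
  const entries = [];
  for (const nav of navigations) {
    let key = `${nav.method} ${nav.url}`;
    for (let hops = 0; ; hops++) {
      const res = responses[key];
      if (!res) throw new Error(`no constructed response for ${key}`);
      if (!isRedirect(res)) {
        entries.push({ url: key.split(" ")[1], autoPosts: Boolean(res.autoPosts) });
        break;
      }
      if (hops >= 10) throw new Error("redirect loop");
      key = `GET ${res.location}`; // the 302 target is fetched with GET
    }
  }
  return entries;
}

// Entry the back button lands on from the last page.
const backTarget = (entries) => entries[entries.length - 2];

const INTRO = "localhost/introduccion", START = "localhost/iniciarsesion";
const ACCESS = "usuarios2.nosis.com.ar/acceso", LOGIN = "usuarios2.nosis.com.ar/es/Login";
// Constructed traffic, case 1: 302 without Location plus a self-posting form.
const postFlow = sessionHistory(
  [{ method: "GET", url: INTRO }, { method: "GET", url: START }, { method: "POST", url: ACCESS }],
  {
    [`GET ${INTRO}`]: { status: 200 },
    [`GET ${START}`]: { status: 302, autoPosts: true }, // no Location header
    [`POST ${ACCESS}`]: { status: 302, location: LOGIN },
    [`GET ${LOGIN}`]: { status: 200 },
  }
);
// Constructed traffic, case 2: the middle hop is a GET redirect chain.
const getFlow = sessionHistory([{ method: "GET", url: INTRO }, { method: "GET", url: START }], {
  [`GET ${INTRO}`]: { status: 200 },
  [`GET ${START}`]: { status: 302, location: ACCESS },
  [`GET ${ACCESS}`]: { status: 302, location: LOGIN },
  [`GET ${LOGIN}`]: { status: 200 },
});
console.log(backTarget(postFlow), backTarget(getFlow));
```

In case 1 the back button lands on the self-posting page, which restarts the POST and redirect; in case 2 it lands on the introduction page, matching the suggestion to turn the middle request into a GET.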