[mod_python] IE redirects don't change URL with auth handler?

Jordan Baker jbb at contradix.com
Thu Feb 1 10:09:12 EST 2007


Summary of problem: IE doesn't change the URL after getting a 302 
Redirect the second time through my auth handler.

I've got an auth handler which, as many do, checks various security 
parameters and, if they are not met, redirects the browser to an 
authentication page.

Basically the request flow looks like this:

- User requests a page, i.e. http://mysite.com/subfolder

- The authen handler will redirect them to an auth page if they aren't
   already authenticated:   http://mysite.com/auth?came_from=/subfolder

The problems begin after the user tries to use the back button after 
logging out of the application.

The user hits the back button to return to the site they just logged out 
of, hits the refresh button and lo! Whereas Firefox redirects the user 
to the proper /auth URL, under IE the user sees the login page; however, 
the URL stays the same.

This seems to be a common enough problem based on web research, but I 
wasn't able to find a definitive solution and was hoping someone in 
this forum might have found it.

The code for my authen handler follows in case it is helpful for diagnosis.



from mod_python import apache, util

# has_valid_proxy_cookies, get_session, get_backend, get_key_host,
# get_key_path and issue_cookie are defined elsewhere in the application.

def authenhandler(req):
    # needed to avoid an error from mod_python when req.user is NULL?
    req.user = ''
    if not has_valid_proxy_cookies(req, req.unparsed_uri):
        req.log_error("not authorized to use proxy, redirecting to login page",
                      apache.APLOG_NOTICE)
        # redirect to login
        sess = get_session(req)
        # pass along some key information to the auth handler
        sess['backend'] = get_backend(req)
        sess['key_host'] = get_key_host(req)
        sess['key_path'] = get_key_path(req)
        try:
            util.redirect(req, "/auth?came_from=%s" % (req.unparsed_uri))
        except apache.SERVER_RETURN:
            # the body of this except clause is missing from the archived
            # post; re-raising (an assumption) lets the redirect raised by
            # util.redirect() go out
            raise
        return apache.HTTP_UNAUTHORIZED

    req.log_error("valid cookie found, renewing")
    issue_cookie(req, get_key_host(req), get_key_path(req))
    return apache.OK
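
The came_from round trip described in the post, as an added example that is not part of the original message or of mod_python: it percent-encodes the original URI when building the /auth redirect and checks the value on the login side before redirecting back. It is standalone Python 3; the function names `build_login_redirect` and `safe_came_from` are hypothetical, and the sample URIs are constructed.

```python
from urllib.parse import parse_qs, quote, urlsplit

AUTH_PATH = "/auth"  # login page path taken from the post


def build_login_redirect(unparsed_uri):
    """Build the Location value for the 302 to the login page.

    Percent-encoding the original URI keeps its own '?', '&' and '#'
    from being parsed as part of the /auth query string.
    """
    return "%s?came_from=%s" % (AUTH_PATH, quote(unparsed_uri, safe=""))


def safe_came_from(value, default="/"):
    """Return value if it is a same-site absolute path, else default.

    Meant for the login page, before it redirects back after sign-in.
    """
    if not value or not value.startswith("/"):
        return default
    # Browsers treat '//host' and '/\host' as references to another origin.
    if value.startswith("//") or "\\" in value:
        return default
    # Control characters (CR/LF) could split the Location header.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return default
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return default
    return value


def came_from_of(location):
    """Extract came_from from a redirect built above (parse_qs decodes it)."""
    return parse_qs(urlsplit(location).query).get("came_from", [""])[0]


if __name__ == "__main__":
    # Constructed sample request URIs, not taken from the post.
    for uri in ("/subfolder", "/subfolder?a=1&b=2"):
        loc = build_login_redirect(uri)
        print(loc, "->", safe_came_from(came_from_of(loc)))
```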
