|
Jordan Baker
jbb at contradix.com
Thu Feb 1 10:09:12 EST 2007
Hi, Summary of problem: IE doesn't change the URL after getting a 302 Redirect the second time through my auth handler. I've got an auth handler which as many do checks various security parameters and if they are not met redirects the browser to an authentication page. Basically the request flow looks like this: - User requests a page ie. http://mysite.com/subfolder - The authen handler will redirect them to a auth page if they aren't already authenticated: http://mysite.com/auth?came_from=/subfolder The problems begin after the user tries to use the back button after logging out of the application. The user hits the back button to return to the site they just logged out of, hits the refresh button and lo! Whereas Firefox redirects the user to the proper /auth URL under IE the user sees the login page however the URL stays the same. This seems to be a common enough problem based on web research but I wasn't able to find a definitive solution and was hoping somewhere in this forum might have found it. The code for my authen handler follows in case it is helpful for diagnosis. TIA, -jordan. def authenhandler(req): req.user = '' # needed to avoid an error from mod_python when req.user is NULL? if not has_valid_proxy_cookies(req, req.unparsed_uri): req.log_error("not authorized to use proxy, redirecting to login page", apache.APLOG_NOTICE) # redirect to login sess = get_session(req) # pass along some key information to the auth handler sess['backend'] = get_backend(req) sess['key_host'] = get_key_host(req) sess['key_path'] = get_key_path(req) sess.save() try: util.redirect(req, "/auth?came_from=%s" % (req.unparsed_uri)) except apache.SERVER_RETURN: pass return apache.HTTP_UNAUTHORIZED req.log_error("valid cookie found, renewing") issue_cookie(req, get_key_host(req), get_key_path(req)) return apache.OK
|