[mod_python] IE rediretcts don't change URL with auth handler?

Graham Dumpleton grahamd at dscpl.com.au
Thu Feb 1 15:59:20 EST 2007 

Your problem may be because you are mucking around with the status
which would be returned by util.redirect().

Don't use a try/except block around util.redirect(), but also read:

  http://issues.apache.org/jira/browse/MODPYTHON-140

This will be an issue for your authenhandler as written if you are
using mod_python 3.2.X or earlier. If using an older version of mod_python
instead of 'pass' in the except block, try 'return apache.DONE'.

Graham

Jordan Baker wrote ..
> Hi,
> 
> Summary of problem: IE doesn't change the URL after getting a 302 
> Redirect the second time through my auth handler.
> 
> I've got an auth handler which as many do checks various security 
> parameters and if they are not met redirects the browser to an 
> authentication page.
> 
> Basically the request flow looks like this:
> 
> - User requests a page ie. http://mysite.com/subfolder
> 
> - The authen handler will redirect them to a auth page if they aren't
>    already authenticated:   http://mysite.com/auth?came_from=/subfolder
> 
> The problems begin after the user tries to use the back button after 
> logging out of the application.
> 
> The user hits the back button to return to the site they just logged out
> of, hits the refresh button and lo! Whereas Firefox redirects the user
> to the proper /auth URL under IE the user sees the login page however 
> the URL stays the same.
> 
> This seems to be a common enough problem based on web research but I 
> wasn't able to find a definitive solution and was hoping somewhere in 
> this forum might have found it.
> 
> The code for my authen handler follows in case it is helpful for diagnosis.
> 
> TIA,
> 
> -jordan.
> 
> 
> def authenhandler(req):
>    req.user = '' # needed to avoid an error from mod_python when 
> req.user is NULL?
>    if not has_valid_proxy_cookies(req, req.unparsed_uri):
>      req.log_error("not authorized to use proxy, redirecting to login 
> page", apache.APLOG_NOTICE)
>      # redirect to login
>      sess = get_session(req)
>      # pass along some key information to the auth handler
>      sess['backend'] = get_backend(req)
>      sess['key_host'] = get_key_host(req)
>      sess['key_path'] = get_key_path(req)
>      sess.save()
> 
>      try:
>        util.redirect(req, "/auth?came_from=%s" % (req.unparsed_uri))
>      except apache.SERVER_RETURN:
>        pass
> 
>      return apache.HTTP_UNAUTHORIZED
> 
>    req.log_error("valid cookie found, renewing")
>    issue_cookie(req, get_key_host(req), get_key_path(req))
>    return apache.OK
> 
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python

More information about the Mod_python mailing list