Hide 302 responses from back button (IE and FF)


I'm working on a site to manage my company's users. Basically it allows login, registration, changing data, etc. I'm doing this site because we want to have the customers of every product unified. If I've registered for some product, then I can log in to some other.

All redirects from some product site to the users site (or from the users site to the product site) are made by POST because, if there is a user logged in, the ticket is too long to use GET. This is causing a 302 result with the URL of the users site that is used for access from the other system (with all needed parameters) and, after that, a 200 with the right page of the users site.

Let's say I try to enter some page that needs authentication; I'll get these results:

So in Chrome or Safari, when I hit the back button from the login page, I'll be redirected to somePageWhichNeedsAuthentication. But from IE or Firefox it redirects to the Access page or to somePageWhichNeedsAuthenticatedUser, I don't really know, but any of those pages will redirect back to the Login page, so unless I quickly hit the button twice it won't work.

How can I fix this issue?

Update

Doing some other tests I found this other case: I try to log in (not to access some page which needs authentication), so here are the results:

Chrome and Safari again are perfect. Firefox is redirecting to http://www.myDomain.com/Login. And finally IE fails as soon as you click the "Login" link because it doesn't allow responses of status 302 with content. So I must force the response of http://www.myDomain.com/Login to be 200, which keeps Firefox doing the same thing (also the same for IE).

Update 2

Here is a log from Firefox. There are some requests before the example one because of some other tabs that were open. I've done the second example. The product domain is http://localhost/MktWeb and the users domain is http://usuarios2.nosis.com.ar. http://www.yourfilelink.com/get.php?fid=719269

Answer by Boris Zbarsky (best answer)

Firefox does not allow going back to a 3xx response via history. So if you see that happening, then whatever your site is actually doing doesn't match your description above.