W3C home > Mailing lists > Public > public-evangelist@w3.org > June 2007

Re: About redirections...

From: Jon Jensen <jon@jenseng.com>
Date: Wed, 27 Jun 2007 13:26:10 -0600
Message-ID: <4682B9D2.5040307@jenseng.com>
To: sebastian nielsen <sebastiannielsen@hotmail.com>
Cc: public-evangelist@w3.org


You're misunderstanding how browsers and redirects work. Here's what 
actually happens:

Browser does a POST to page B.
The server responds with an HTTP redirect informing the browser to go to 
page C.
Browser does a GET to page C. None of the information in the previous 
POST gets resubmitted.

There are a couple ways you can verify this is taking place. On the 
server-side, you can see exactly which requests are being handled by 
looking at the logs. In this example, you would see a POST resulting in 
a redirect, followed by a brand new GET request. If you are using the 
Firefox web browser, the Firebug or LiveHttpHeaders extensions allow you 
to see exactly which requests are being sent by the browser, including 
what data is being posted.


Jon Jensen

sebastian nielsen wrote:
> About this page: http://www.w3.org/QA/Tips/reback
> A problem with the "standard" redirects is that they resubmit any 
> information that are submitted to a page that redirects.
> For example:
> Page showing login form = A
> Page where information is posted = B
> Page that the user should go to after login = C (suppose this is a 
> third party site)
> The problem here, is that when a user logons with the form on page A, 
> the data gets then sent as supposed to
> page B. But then page B issues a "standard redirection" to page C. The 
> browser will then resubmit the login
> information to page C. This is not what a webmaster wants if the 
> C-page is a third party page that only should get a "identifyer" that 
> a user has logged in, not which username and password the user has on 
> site B.
> Some browser has a setting to turn off redirection for POST requests. 
> But that setting completely disables the redirection HTTP codes for 
> POST request which means that the user will see a error message, or a 
> blank page, depending on which browser is used.
> If META refreshes is used, the form information isnt redirected.
> ------------------------------------------------------------------------
> Skaffa nya Windows Live Messenger! Prova på! 
> <http://get.live.com/messenger/overview>
Received on Thursday, 28 June 2007 12:16:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:16:20 UTC