Closed Bug 1155074 Opened 9 years ago Closed 9 years ago

301 to 302 redirects cached incorrectly

Categories

(Core :: Networking: Cache, defect)

37 Branch
x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: villiers.strauss, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36

Steps to reproduce:

I have a website that enforces trailing slashes, i.e. "/foo/bar" is 301 redirected to "/foo/bar/", and the logout link works as follows: "/logout/" [log user out on server] 302 redirect to "/logged-out/"

When navigating to "/logout", everything works fine for the first time, after logging back in and navigating to "/logout" again, it doesn't. 


Actual results:

The first time, what happened was: "/logout" → 301 → "/logout/" → [actual logging out occurs] → 302 → "/logged-out/" and the user was successfully logged out.

The second time however, what happened was that Firefox cached the redirect as "/logout" → "/logged-out/" and the user never gets logged out.


Expected results:

The redirect should cached as "/logout" → "/logout/" regardless of any subsequent 302 redirects.
What are the exact headers sent with the 302 response?  Because 302 responses are cacheable, depending on the headers, so if we had a cached response for "/logout/" we would use that instead of hitting the server.
Component: General → Networking: Cache
Flags: needinfo?(villiers.strauss)
Flags: needinfo?(honzab.moz)
(In reply to Not doing reviews right now from comment #1)
> What are the exact headers sent with the 302 response?  Because 302
> responses are cacheable, depending on the headers, so if we had a cached
> response for "/logout/" we would use that instead of hitting the server.

There is a "Cache-Control: max-age=3600" header, that's probably the reason it is caching the redirect.

Thanks for your help
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: needinfo?(villiers.strauss)
Resolution: --- → INVALID
(In reply to Villiers from comment #2)
> (In reply to Not doing reviews right now from comment #1)
> > What are the exact headers sent with the 302 response?  Because 302
> > responses are cacheable, depending on the headers, so if we had a cached
> > response for "/logout/" we would use that instead of hitting the server.
> 
> There is a "Cache-Control: max-age=3600" header, that's probably the reason
> it is caching the redirect.
> 
> Thanks for your help

That's it.  Also, I'm not sure why you do "/logout/" → [actual logging out occurs] → *302* → "/logged-out/".  I would expect 301 there.  302 makes sense only for going from a non-traling-slashed address, doesn't it?
Flags: needinfo?(honzab.moz)
You need to log in before you can comment on or make changes to this bug.