Closed
Bug 1155074
Opened 9 years ago
Closed 9 years ago
301 to 302 redirects cached incorrectly
Categories
(Core :: Networking: Cache, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: villiers.strauss, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Steps to reproduce: I have a website that enforces trailing slashes, i.e. "/foo/bar" is 301 redirected to "/foo/bar/", and the logout link works as follows: "/logout/" [log user out on server] 302 redirect to "/logged-out/" When navigating to "/logout", everything works fine for the first time, after logging back in and navigating to "/logout" again, it doesn't. Actual results: The first time, what happened was: "/logout" → 301 → "/logout/" → [actual logging out occurs] → 302 → "/logged-out/" and the user was successfully logged out. The second time however, what happened was that Firefox cached the redirect as "/logout" → "/logged-out/" and the user never gets logged out. Expected results: The redirect should cached as "/logout" → "/logout/" regardless of any subsequent 302 redirects.
Comment 1•9 years ago
|
||
What are the exact headers sent with the 302 response? Because 302 responses are cacheable, depending on the headers, so if we had a cached response for "/logout/" we would use that instead of hitting the server.
Component: General → Networking: Cache
Updated•9 years ago
|
Flags: needinfo?(villiers.strauss)
Flags: needinfo?(honzab.moz)
(In reply to Not doing reviews right now from comment #1) > What are the exact headers sent with the 302 response? Because 302 > responses are cacheable, depending on the headers, so if we had a cached > response for "/logout/" we would use that instead of hitting the server. There is a "Cache-Control: max-age=3600" header, that's probably the reason it is caching the redirect. Thanks for your help
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: needinfo?(villiers.strauss)
Resolution: --- → INVALID
Comment 3•9 years ago
|
||
(In reply to Villiers from comment #2) > (In reply to Not doing reviews right now from comment #1) > > What are the exact headers sent with the 302 response? Because 302 > > responses are cacheable, depending on the headers, so if we had a cached > > response for "/logout/" we would use that instead of hitting the server. > > There is a "Cache-Control: max-age=3600" header, that's probably the reason > it is caching the redirect. > > Thanks for your help That's it. Also, I'm not sure why you do "/logout/" → [actual logging out occurs] → *302* → "/logged-out/". I would expect 301 there. 302 makes sense only for going from a non-traling-slashed address, doesn't it?
Flags: needinfo?(honzab.moz)
You need to log in
before you can comment on or make changes to this bug.
Description
•