Closed Bug 306916 Opened 19 years ago Closed 15 years ago

View Source on page within password protected website shows source of login page instead.

Categories

(Toolkit :: View Source, defect)

x86
Windows XP
defect
Not set
major

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: ravind, Unassigned)

Details

(Whiteboard: DUPEME?)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6

I'm a web developer and Firefox is my browser of choice, both for surfing and
developing sites, which is why this bug is particularly frustrating. I have a
password protected website, developed in ASP.Net. Each page on the site checks
for the presence of a cookie, and if this is absent, or has been modified, it
redirects the user to the login page. Often, while editing one of the internal
pages, when I try to view the source, the browser shows me the source of the
login page instead.

E.g. I try to view the source for
http://ravind.homedns.org/rishivalley/people.aspx?id=48 (you need to login to
view this page)
Instead, the title of the view-source window reads:
view-source: - Source of:
http://ravind.homedns.org/rishivalley/login.aspx?rd=%2frishivalley%2fpeople.aspx
This is the page you would be redirected to if you weren't logged in.
It seems like the browser tries to reload the page, rather than show the source
from the cache. Additionally, the cookie is not returned to the server while
trying to reload the page and this causes the server to return the login page
instead, which is then displayed in the view-source window.

Reproducible: Sometimes

Steps to Reproduce:
1. Login to a website
2. Click on internal pages, requiring login, and try viewing the page source.
3. More often than not, Firefox shows the source of the login page instead.

Actual Results:  
I was shown the source code for the login page.

Expected Results:  
Show me the source code of the page I am currently viewing.

I have encountered this problem on different machines, while viewing more than
one website, hosted on different servers.
Related to Suite bug 213099 -> Suite bug 166786?
I noticed a problem much like this, and after bouncing it off of some
colleagues, we eventually found bug 166786 which has an interesting discussion
of the matter. 

When I checked about:config It turned out that somehow my
browser.cache.disk.enable and browser.cache.memory.enable got set to false. I
don't remember doing any such thing myself, so either I am forgetful (quite
possible) or perhaps one of my extensions did something to my settings. 

My current extensions include: 

Checky 2.5
AutoForm 0.5.7
Web Develper 0.9.3
Html Validator (based on Tdy) 0.6.2
Reload Every 0.6.1

It seems that the disk.cache one is the one that actually causes this behavior,
however and as noted in the referenced bug it really seems all wrong that a
re-request should be performed to view the source. The most glaring reason that
this is wrong is the source may change depending on when the request is made if
the page is dynamically generated, so you could be looking at source that does
NOT produce represent the graphical representation in front of you. 

In my opinion the source should be recalled from memory in it's pristine form. 

I'm sure this gets trickier for source of pages shown after use of the back
button. I wouldn't advocate storing every page ever browsed in memory, so maybe
each user initiated request should dump what source is in memory onto disk...

Of course ajax type stuff mucks it up too, so perhaps it should be the case that
one can get either the source that resulted from the last user request, or
source that coresponds to the current DOM model...

In any case it seems very key for web designers or developers to be able to find
out what source produces the page you are looking at, or to be able to find out
what source it was that the server gave you when you asked for the page. The
current implementation appears to do neither.
Hey look at that... the bug that was mentioned in our local IRC is actually the
same bug mentioned in the preceeding comment. :) 
There are a slew of bug reports relating to this - Bug 251231 is one of them.
Bugs I've found to date relating to this:
Bug 251231
Bug 306916
Bug 307089
Bug 321291
Bug 340120

I'll bet there are more - this was simply a search in Bugzilla for "view source". 
Whiteboard: DUPEME?
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Whoops, duped to the wrong parent.  Geez, I'm on fire today.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Product: Firefox → Toolkit
Reporter: IS this still a problem with FF3 ?
Is this still an issue with the latest version of Firefox?  If it is not, this should be resolved as INCOMPLETE.
on Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729) I did the following:

1. Requested a page from my apache server while tailing the log file and saw the log entry.
2. View source on the file just requested, no access logged.
3. Toggled the disk.cache.enabled to false 
4. Requested a different page, saw the log file entry
5. Viewed source on the second page, no access logged.

So it appears that unless authenticated pages are treated specially by view source, 3.5.7 is not re-requesting upon view source. 

I also did the following:
1. Logged into http://www.lotustalk.com/forums , 
2. went to my personal messages
3. Did a view source. 

The source returned contained my username (still loggeed in), and did not appear to be a login page.

I suspect this bug has been fixed in the course of other changes.
Since it is working for both of us, I will resolve as INCOMPLETE.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago15 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.