Redirect\Cookie bug with MSIE 5.5sp2


Hello all,

There seems to be a bug in internet explorer 5 where a redirect
causes the session to be lost.

A controller says…

def login
case @request.method
when :post
if @session[:user] = User.authenticate(@params
[:user_login], @params[:user_password])
return redirect_to(:action=>‘send_confirmation’) unless
flash[:notice] = "Welcome back, " + @session
redirect_back_or_default “/”
else[:notice] = “Sorry, we couldn’t log you in
with that information. Please check your details and try again.”
@login = @params[:user_login]

And it works fine with all browsers but MSIE 5.5sp2 where the user IS
logged in but on arrival at the redirect page the session is lost.
You can see this bug in action if you try to use the wretched browser
to log into a tadalist (for example).

Can anyone suggest a work around to allow 5.5 users to keep workable
sessions with a Rails app?



To answer my own question and pose another. Yes, there is a bug.

MSIE 5 loses cookies on a header based 30x redirect. This is why the
browser can’t log in to any rails app I’ve tried it on.

I know MSIE 5 is a crappy browser and is 37signals famously (geek
famously, anyway) don’t support it but sadly clients aren’t quite so
bleeding edge as to give up on a browser a mere 7 years old.

Anyway, this is the best I can come up with. It relies on a sniffer,
which is bad practice so I’m not about to suggest that anyone use it
but I thought I’d post it and see if anyone can improve on it or
shoot me down.


class ApplicationController < ActionController::Base

def redirect_to(options={}, *parameters_for_method_reference)
   if request.env['HTTP_USER_AGENT'] =~ /MSIE 5\./
      url = url_for(options, *parameters_for_method_reference)
      return render(:text=>"<html><head><meta http-

equiv=‘refresh’ content=‘0;url=#{url}’>")
super(options, *parameters_for_method_reference)