Redirect\Cookie bug with MSIE 5.5sp2


#1

Hello all,

There seems to be a bug in internet explorer 5 where a redirect
causes the session to be lost.

A controller says…

def login
case @request.method
when :post
if @session[:user] = User.authenticate(@params
[:user_login], @params[:user_password])
return redirect_to(:action=>‘send_confirmation’) unless
@session[:user].confirmed?
flash[:notice] = "Welcome back, " + @session
[:user].display_name
redirect_back_or_default “/”
else
flash.now[:notice] = “Sorry, we couldn’t log you in
with that information. Please check your details and try again.”
@login = @params[:user_login]
end
end
end

And it works fine with all browsers but MSIE 5.5sp2 where the user IS
logged in but on arrival at the redirect page the session is lost.
You can see this bug in action if you try to use the wretched browser
to log into a tadalist (for example).

Can anyone suggest a work around to allow 5.5 users to keep workable
sessions with a Rails app?

Thanks,
Gavin


#2

To answer my own question and pose another. Yes, there is a bug.

MSIE 5 loses cookies on a header based 30x redirect. This is why the
browser can’t log in to any rails app I’ve tried it on.

I know MSIE 5 is a crappy browser and is 37signals famously (geek
famously, anyway) don’t support it but sadly clients aren’t quite so
bleeding edge as to give up on a browser a mere 7 years old.

Anyway, this is the best I can come up with. It relies on a sniffer,
which is bad practice so I’m not about to suggest that anyone use it
but I thought I’d post it and see if anyone can improve on it or
shoot me down.

Thanks,
Gavin

class ApplicationController < ActionController::Base

def redirect_to(options={}, *parameters_for_method_reference)
   if request.env['HTTP_USER_AGENT'] =~ /MSIE 5\./
      url = url_for(options, *parameters_for_method_reference)
      return render(:text=>"<html><head><meta http-

equiv=‘refresh’ content=‘0;url=#{url}’>")
end
super(options, *parameters_for_method_reference)
end

end