SSL Requirement double POST from IE on expired certificate

This is really weird.

User testing in my staging environment where the SSL certificate for
the secure domain has expired. Here is the scenario:

User fills in a form containing a serial number which has to be
unique. which I use validate_uniqueness and a unique index on the
mysql db (belt and braces).
The create action is fired in the controller to do the insert on the
model. So far so good.
The next controller “new” action is protected by SSL and this domain
has an expired certificate and IE8 puts up the expected warning which
the user will ignore.
The original POST and the create action is invoked again, to which the
model says that it has a duplicate serial number. Why is the POST
sent again by the browser?

Doesn’t happen on any other browser. I could install another valid
test certificate but it is a real pain to do (too many sleazy sales
guys call and they do not understand what they are selling!). Any
other suggestion as to how to avoid this happening and how I can write
some tests for this!

Here is an excerpt from the log.

Processing ConfirmationController#new (for some.ip.add.ress at
2011-03-28 19:23:39) [GET]

Completed in 204ms (View: 143, DB: 11) | 200 OK [http://
test.nonssldomain.co.uk/confirmation/new/21]

Processing ConfirmationController#create (for some.ip.add.ress at
2011-03-28 19:24:06) [POST]

Confirmation Create (0.2ms) INSERT INTO confirmations (flags,
quote_id, created_at, updated_at, id, serialnum) VALUES(4,
21, ‘2011-03-28 18:24:06’, ‘2011-03-28 18:24:06’, 21, ‘434343434’)
SQL (3.2ms) COMMIT
Redirected to
http://test.nonssldomain.co.uk/payment/new/21?payment=monthly
Completed in 71ms (DB: 12) | 302 Found [http://test.nonssldomain.co.uk/
confirmation]

Processing PaymentController#new (for some.ip.add.ress at 2011-03-28
19:24:07) [GET]

Redirected to
https://secure.ssldomain.com/payment/new/21?payment=monthly
Filter chain halted as [:ensure_proper_protocol]
rendered_or_redirected.
Completed in 35ms (DB: 5) | 302 Found [http://test.nonssldomain.co.uk/
payment/new/21?payment=monthly]

Processing ConfirmationController#create (for some.ip.add.ress at
2011-03-28 19:24:22) [POST]
Parameters: {“confirmation”=>{“serialnum”=>“434343434”,
“resident”=>“1”}, “authenticity_token”=>“lrUm1Ja
+jjx5TxO1H4p9BhvgsjHpQwV/r5tyZvijJpw=”}

Confirmation Load (0.3ms) SELECT * FROM confirmations WHERE
(confirmations.serialnum = ‘434343434’) LIMIT 1
SQL (0.1ms) ROLLBACK

Completed in 119ms (View: 63, DB: 11) | 200 OK [http://
test.nonssldomain.co.uk/confirmation]

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs