CF Debug Copy for Firefox Update

Just a quick post to let people know my CF Debug Copy for Firefox extension has been updated to work with Firefox 3.6. You can download the latest from RIAForge.

New ColdFire 1.5 Beta

I've posted a new ColdFire beta to RIAForge which works with the recently released Firefox 3.6 and Firebug 1.5. I'm labeling this a beta because I discovered a ColdFusion 9 compatibility issue in my testing for this release. It appears ColdFusion's built-in AJAX libraries have been updated slightly, so the "Enable CFAJAX Debugging" feature does not currently work with CF 9. I'll work on updating this feature in the next couple of weeks. (Unfortunately the AJAX libraries shipped with CF are minimized and obfuscated, so working with them is not as easy as it could be.) Because of the beta status of this release I've included both the ColdFire 1.4 and ColdFire 1.5 releases in the current RIAForge download. As always, if you have any issues please report them on the RIAForge project site.

Interesting IE 302 Redirection Issue

Yesterday I helped a coworker track down an interesting issue with 302 URL redirection in IE that I thought I'd share. Here is a brief rundown of what my coworker was observing:

  • Users would log into a courseware application, setting a single sign-on cookie. For the purposes of this description let's say the URL was https://sitea.domain.com.
  • Users would then link out to a related application covered by the single sign-on. Let's say the URL for this related application was https://siteb.domain.com/appa.
  • When users clicked the link in Internet Explorer, instead of being logged in to the related application users were being redirected back to a nonexistent page in the courseware application, https://sitea.domain.com/appa/index.cfm.

What was interesting about this was that everything worked fine in Firefox; only IE seemed to be having this problem. Realizing the issue probably had something to do with the handling of the SSO in the linked-to application, I fired up a proxy (ServiceCapture in this case) to watch the login process. Here is what I saw:

  • When users clicked the "link" in the courseware application they were actually being forwarded to the target application via a 302 HTTP header:

    HTTP/1.1 302 Found
    Location: https://siteb.domain.com/appa/

  • That redirection was immediately followed by another 302 redirection:

    HTTP/1.1 302 Found
    Location: /appa/index.cfm

Looking at the code of the linked-to application I could see that after logging in, which happens automatically on the first visit if the user has the appropriate SSO cookie, the application redirected users back to the home page using a relative URL. The issue was that IE was calculating this relative URL using the base URL of the original request, https://sitea.domain.com in this example, and not taking into consideration the intermediate redirection to https://siteb.domain.com/appa. Firefox seemed to do a "better" job of keeping track of which base URL to use for calculating relative URLs. I say "better" because Firefox's behavior seems to make more sense to me.

So there you have it, another reason to love IE.
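The two resolution behaviors described above, as an added example that is not part of the original post: each Location value is resolved either against the URL of the request that produced it or against the original request URL. The start URL path and the function names (`resolveChain`, `isAbsolute`, `findAmbiguousHops`) are assumptions for illustration.

```javascript
// Added example, not from the original post. The Location values are the two
// shown in the post; the start URL path ("/") is an assumption.
const START_URL = "https://sitea.domain.com/";
const LOCATIONS = ["https://siteb.domain.com/appa/", "/appa/index.cfm"];

// Resolve each Location in order. Mode "current" uses the URL of the request
// that produced the redirect as the base; mode "original" keeps using the
// first request URL, which is the behavior the post describes seeing in IE.
function resolveChain(startUrl, locations, mode) {
  const original = new URL(startUrl);
  let current = original;
  const hops = [];
  for (const location of locations) {
    const base = mode === "original" ? original : current;
    current = new URL(location, base);
    hops.push(current.href);
  }
  return hops;
}

// A Location value is absolute if it parses without a base URL.
function isAbsolute(location) {
  try { new URL(location); return true; } catch (e) { return false; }
}

// Server-side check: report relative Location values sent after the chain has
// already left the original origin, where resolving against the wrong base
// lands the user on a different host.
function findAmbiguousHops(startUrl, locations) {
  const originalOrigin = new URL(startUrl).origin;
  let current = new URL(startUrl);
  const findings = [];
  locations.forEach((location, index) => {
    if (!isAbsolute(location) && current.origin !== originalOrigin) {
      findings.push({ index, location, fix: new URL(location, current).href });
    }
    current = new URL(location, current);
  });
  return findings;
}

console.log(resolveChain(START_URL, LOCATIONS, "current"));
console.log(resolveChain(START_URL, LOCATIONS, "original"));
console.log(findAmbiguousHops(START_URL, LOCATIONS));
```

Sending the absolute URL reported in `fix` as the Location value removes the dependence on how the client picks a base URL.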
