问题
I'm getting a blank white screen in IE when building a login system that redirects through a 3rd party server for authentication. (The browser is supposedly requesting a page back on my server when it fails.)
The login goes like this:
- user requests http://www.myserver.com/ and is returned a 302 redirect to http://www.myserver.com/login.aspx along with some cookies storing any GET/POST parameters in the initial request and the initial URL.
- user's browser requests http://www.myserver.com/login.aspx and is returned 200 OK, and given an HTML page with a username and password field.
- user submits the HTML form as a POST to http://www.myserver.com/login.aspx and receives a slightly different 200 response, (this HTML page has a drop down to choose from a list of users the username/password entered in step 2 has the right to login as, (for assistants logging in as their manager.))
- user selects a value for the drop down and again submits the page as a POST to http://www.myserver.com/login.aspx. This time they receive a 302 redirect to https://secure.3rdpartyserver.ca/login/login.aspx?WSLR={encrypted login parameters including a URL to redirect back to}
- user's browser does a GET request for https://secure.3rdpartyserver.ca/login/login.aspx?WSLR={encrypted login parameters including a URL to redirect back to} and received back a 302 redirect to http://www.myserver.com/login.aspx?userID={number}&sessionId={number}&impersonateId={number}
- (Firefox/Chrome) user's browser does a GET request for http://www.myserver.com/login.aspx?userID={number}&sessionId={number}&impersonateId={number} and receives back a 302 redirect to http://www.myserver.com/ (and clears the cookies set in step 1.)
- (Firefox/Chrome) user's browser does a GET request for http://www.myserver.com/ and finally gets the HTML page the user wanted in the first place.
Step 6 in IE9 however seems screwed up:
- If I don't monitor it at all I get a blank white screen at step 6 with the URL bar showing http://www.myserver.com/login.aspx?userID={number}&sessionId={number}&impersonateId={number}. My login.aspx's Page_Load method is never called on the server.
- If I hit F12 and use the built in network capture feature it shows everything right up till step 6 then it shows a GET request for http://www.myserver.com/login/login.aspx?WSLR={encrypted login parameters including a URL to redirect back to} (a non-existent page that's an amalgam of the URL from steps 5 and 6.) When I tried making a page there it was never called. The browser still shows a blank white screen with the URL of http://www.myserver.com/login.aspx?userID={number}&sessionId={number}&impersonateId={number} though. My login.aspx's Page_Load method is never called on the server.
- If I run HttpAnalyizer while doing this request in IE the whole thing works just like it does in Firefox/Chrome.
I haven't tested in other browsers as this system is still running on my localhost in debug mode. This could also be introducing the bug as localhost is intranet zone and the 3rd party server is internet zone, (although it should work anyway.) Is there a way to make localhost run in the internet zone?
If you hit the refresh button or click the address bar and hit enter when it's at the white screen the login proceeds properly as if it didn't break in the first place.
来源:https://stackoverflow.com/questions/16702112/http-302-redirects-between-servers-failing-in-ie-working-in-ff-and-chrome