sproxy should pass redirects through to the browser
1 view
Skip to first unread message
Joachim De Lombaert
Dec 29, 2010, 2:55:34 PM12/29/10
to Siege Users
I'm using sproxy on Mac OS X 10.6.5 with Safari 5.0.3. I'm also
monitoring traffic with HTTPScoop.
I'm running into two issues:
- sproxy intercepts and handles 302 redirects instead of passing them
to the browser (causing browser URL to show incorrectly)
- sproxy discards cookies while doing so (causing requests that seem
to come from logged out users)
Some background about the application I'm testing:
- logged-in state is determined via cookies
- there is a short alias URL that redirects to a complete canonical
URL
- the complete URL is private: only logged in users can access it
- if a logged-out user attempts to access the private URL, he is
redirected to a different page instead so that he may log in
- if no cookies are present, the app automatically sends back a new
session cookie
Here's what I see in HTTPScoop with sproxy activated:
GET http://example.com/shortalias (code=302, request includes Cookie:
header)
GET http://example.com/fullprivate (code=302, request MISSING Cookie:
header, response includes Set-Cookie:)
GET http://example.com/loggedout (code=200, request MISSING Cookie:
header, response includes Set-Cookie:)
Here's what I see in HTTPScoop without sproxy:
GET http://example.com/shortalias (code=302, request includes Cookie:
header)
GET http://example.com/fullprivate (code=200, request includes Cookie:
header)
Therefore the application is redirecting correctly based on the rules
mentioned previously. In Safari, however, the URL displayed in the
address bar is always http://example.com/shortalias when using sproxy
despite the fact that the page content is that of /loggedout.
Given that sproxy just exists to collect visited URLs, it seems it
should always pass everything through to the browser and simply record
the URLs that go by instead of handling the redirects itself. This
would avoid both of these issues.
monitoring traffic with HTTPScoop.
I'm running into two issues:
- sproxy intercepts and handles 302 redirects instead of passing them
to the browser (causing browser URL to show incorrectly)
- sproxy discards cookies while doing so (causing requests that seem
to come from logged out users)
Some background about the application I'm testing:
- logged-in state is determined via cookies
- there is a short alias URL that redirects to a complete canonical
URL
- the complete URL is private: only logged in users can access it
- if a logged-out user attempts to access the private URL, he is
redirected to a different page instead so that he may log in
- if no cookies are present, the app automatically sends back a new
session cookie
Here's what I see in HTTPScoop with sproxy activated:
GET http://example.com/shortalias (code=302, request includes Cookie:
header)
GET http://example.com/fullprivate (code=302, request MISSING Cookie:
header, response includes Set-Cookie:)
GET http://example.com/loggedout (code=200, request MISSING Cookie:
header, response includes Set-Cookie:)
Here's what I see in HTTPScoop without sproxy:
GET http://example.com/shortalias (code=302, request includes Cookie:
header)
GET http://example.com/fullprivate (code=200, request includes Cookie:
header)
Therefore the application is redirecting correctly based on the rules
mentioned previously. In Safari, however, the URL displayed in the
address bar is always http://example.com/shortalias when using sproxy
despite the fact that the page content is that of /loggedout.
Given that sproxy just exists to collect visited URLs, it seems it
should always pass everything through to the browser and simply record
the URLs that go by instead of handling the redirects itself. This
would avoid both of these issues.
je...@joedog.org
Jan 4, 2011, 8:37:06 AM1/4/11
to siege...@googlegroups.com
I agree with your assessment. Sproxy should return 302s to the browser.
I'm currently working on a complete overhaul of sproxy. And I'm not sure
if I'll backfit this to the perl version. Any takers?
I'm currently working on a complete overhaul of sproxy. And I'm not sure
if I'll backfit this to the perl version. Any takers?
Reply all
Reply to author
Forward
0 new messages