This is just a quick note to anyone using ns_internalredirect, especially as a replacement for ns_rewriteurl, provided by the C module nsrewrite.
Background: ns_rewriteurl is a simple Tcl command wrapper around Ns_SetRequestUrl(). The result of the rewrite is that all following filter matching and/or registered proc matching are based upon the new url. ns_internalredirect does something different. It wraps Ns_ConnRedirect(). This function keeps track of recursion loops, calls Ns_SetRequestUrl() and then actually performs a mini-request. The mini-request does two things: runs the authorization proc for the new url and if OK, runs the request. So what are the actual and potential problems with this? My guess is that this works fine if Ns_ConnRedirect() is called in the "registered proc" state, but I'm not sure that even this is safe. What is an observable error/bug is when ns_internalredirect is called within a filter prior to choosing and running the registered proc. What I see in log files is two invocations of the registered proc, although only one is actually returned to the client. This behavior could lead to application misbehavior or even failure. For instance, you might POST data twice. However, this is an easily observed problem. A more serious issue is the potential short circuiting of certain code paths which were planned before a request runs. Imagine that a preauth filter calls ns_internalredirect. What happens is that this causes a mini-request which skips all remaining preauth filters and all postauth filters before running the registered proc. Then...I guess, this mini-request terminates and returns to the filter (usually with NS_OK). The filter then probably returns FILTER_OK and the original request, with a new url proceeds. Eventually the original request chooses the same registered proc and runs it. Then trace and cleanup filters run, covering up the damage. There are a large number of simple circumstances where this works okay, but they all require that the ns_internalredirect was called during the running of the registered proc. This is because when the mini-request returns, there is no more code to run, the registered proc has already been chosen so the state machine moves on to trace filters. tom jackson -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
