I have run into a bit of a weird problem.

I am using repoze.who successfully on appengine (not really relevant
;-) and did some testing recently of the application
on an iphone4 on telstra's 3G network, and login's stopped working.

(previous testing was on various other 3G and conventional ISP, with
normal browsers, iphone, ipad and android)

On Telstra3G network we have found that on successful login repoze.who
(1.0.18) does a HTTPFound(came_from)  to send you to the page/url
which is your planned destination.  paste (1.7.2)  HTTPFound returns
http status 302.  And on all networks I had tried to date it works
but on telstra we actually get served the original login form which
was the original result of the inital failed page request

To help illustrate step by step what happens with repoze.who
redirecting form plugin.

Start out not logged in

goto url  -> /home  -  get a 302 response with location
/login?came_from=/home  as we are not logged

browser loads -> /login?came_from=/home user logs in with a POST, and
redirecting form now sends 302 with location /home  (See line 191

iphone/ipad now tries to get ->  /home and telstra serves up the
cached previous response for /home which is  /login?came_from=/home

Which is not what I expected ;-)

However having a read up on 302 status on wikipedia it suggests that
in fact if adhering to the letter of the law a 303 response
should actually be returned by redirecting form plugin. So maybe
telstra is doing the right thing.  The wikipedia article on 302
suggests the use 303 behaviour for 302 is a common pattern.

http://en.wikipedia.org/wiki/HTTP_302  and

So I think the redirecting form plugin for repoze.who should in fact
be using HTTPSeeOther paste exception rather than HTTPFound.

Does any one agree with my interpretation of whats going on ?
Comments welcome ?


Tim Hoffman
Repoze-dev mailing list

Reply via email to