Hi
I have some pages that are protected i.e. when the user tries to access them
after a period of inactivity, they are redirected to a login page, which, if
they log in correctly, will take them to the page they were originally
requesting.
My problem is that if the original page was accessed via HTTP Get, they are
presented with the login form, but if the original page was accessed via
HTTP Post, my Apache HTTP proxy server returns a 400 response.
So, with the HTTP Get, the sequence of messages using Firefox
LiveHTTPHeaders is:
Request: HTTP Get <xyzURL>
Response: HTTP 302 OK
Location: <loginURL>
Request: HTTP Get <loginURL>
Response: HTTP 200 OK
With the HTTP Post, the sequence of messages is:
Request: HTTP Post <xyzURL>
<formdata>
Response: HTTP 302 OK
Location: <loginURL>
Request: HTTP Get <loginURL>
Response: HTTP 400 Bad request
When I examine access_log on the HTTP server, I see the following coming in
for the HTTP Get:
"GET <xyzURL>" 302
"GET <loginURL>" 200
I see the following coming in for the HTTP Post:
"POST <xyzURL>" 302
"<formdata>GET <loginURL>" 400
I think that because of the <formdata> inserted before the GET <loginURL>
the request is not understood.
My question is why/how is this happening? What module or configuration could
be at fault? I have not changed the standard config afaik. The decision to
present the login page is made by an Oracle Access Server, and does not
appear to be faulty.
thanks, Baljeet.
