PHP: POST data is lost due to authentication server

I am running a website where clients can submit forms. I am using PHP server side and using POST (large forms) method. The problem is that sometime the request arrives at my webserver as a messageless GET request. This issue only occurs when the form is submitted from a given client location and the issue is intermittent (most of the work).

Using fiddler, I think I have figured out what is going on, but I cannot come up with a workaround. Posting to stackoverflow to see if anyone has an idea.

Basically, the sequence looks like this:

1 POST request is sent with all relevant data.

2 POST request seems to be intercepted by the authentication proxy.

3- The proxy server sends an HTTP 302 response to the POST request and redirects to another internal address for authentication.

4 Authentication transactions have occurred (two GET requests with a 401 response)

5 The proxy server responds with a 302 redirect to the last authentication request, which redirects to the original request.

6- But the browser is sending the original request as a GET request with no NO message instead of a POST request as it was originally sent.

The end result is a blank page for the user and the form data is lost.

Maybe because of this, although the original request is a POST, it includes multiple parameters in the url (perhaps browswer assumes it's a GET because of these?)?

Is this normal behavior? I read that this is standard-compliant (browsers always respond to 302 with GET), but I can't believe it is, since there is no solution for POST request in these situations?

There must be some ways around this problem, resulting in a very bad user. Let me know what you think.


source to share

1 answer

I ran into something similar and also when using a custom ErrorDocument specifically for me 404 pages. Apparently with 404 pages, and I'm guessing maybe 401? No postage is sent to them. What I ended up doing was the same as on the 404 page instead, but instead of the errordocument rule, I use the rewrite rule.

Here's the rewrite rules to do the same thing errorDocument 404

RewriteCond %{REQUEST_FILENAME} !-f  
RewriteCond %{REQUEST_FILENAME} !-d [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_FILENAME}index.php !-f
RewriteRule ^(.*?)$ /error404.php [L]


As you might well think, maybe if you can't get by knowing if this message will be or you can use $ _REQUEST instead and it will be able to handle the request no matter which direction it came in.



All Articles