tags:

views:

585

answers:

2
+1  Q: 

Sending info with a HTTP redirect that the browser should send to the redirected location?

Is this possible.. for example, imagine I respond to a request with a 302 (or 303), and I inform the browser to do a request to a given location.. is there a header that I can send with the HTTP 302, so that the subsequent request from the browser would include that header?

I know I could do this with the location header, as in redirect and specify the information in the url as a query string.. but I'm wondering if there is a better way.. it seems that it should be a legit scenario..

'Content has moved, go here .. oh and you'll want to take this with you to give to the redirect location'

I'm guessing a big fat no!

Thanks in advance.

Edit

The reason for this is in respect to PRG patterns, where you have a GET url and POST url, given that you post data and it isn't acceptable, the server redirects you to the GET, and does some 'magic' in order to 'send data' to that GET, using most often session state to store a variable.

However this can breakdown in scenarios where many of these PRG requests are happening, granted this isn't a common scenario and generally nobody need worry about this.. but if you do- you'll need a way to identify the requests, this can be done with query string parameters send in the 302.. so that a specific entry can be put in session state according to that request.

The question was regarding trying to remove the 'request key' from the url, and making it more implicit.. cookies 'appear' to work, but they only make the window for screw ups smaller.

It would be great to say when you go the 'location' i've specified, send these parameters.

Edit

Just to note, I'm not trying to get the browser to send arbitrary headers to the location, but if there is ANY headers designed to hint the context of the request (like the querystring parameters could).

+3  A: 

A redirect response itself doesn't contain any data. You can redirect using a URL with query parameters, but the new "location" will need to know how to consume those parameters.

tvanfosson  2009-06-07 13:48:10
tvanfosson, yes I understand a redirect doesn't contain data, and any query parameters are just that.. parameters that need to be understood.. however, specifically what I wanted to know was if it was possible to send those parameters outside of the querystring.
meandmycode  2009-06-07 14:10:44
Cookies for example, what if I sent a cookie that was removed by the receiver (the redirects are relative), would it be realistic to say that with multiple of these types of redirects happening at once, that the cookie send back from the request is send only with the subsequent request, and not mixed up with other requests (on the same machine (ie, imagine i hit the same url that redirects me at the exact same instance))?
meandmycode  2009-06-07 14:16:20
If the redirect and the target page are on the same hostname, then yes, a cookie sent by the redirect should be received by the client and sent back to the destination page. So yes, you can set a cookie with a redirect and have that cookie communicated forward. However, cookies of course cannot work cross-domain, so for a cross-domain redirect the only want of sending information forward is to put it in the URL itself, ie on the query string.
thomasrutter  2009-06-07 15:33:33
It is plausible that a browser could have a race condition where if the same cookie from the same domain was set in another tab/window at the precise moment this window is redirecting, it could send the other cookie instead. It's also plausible that some clients/browsers will reject cookies.
thomasrutter  2009-06-07 15:36:55
A: 

No, that’s not possible. You cannot force the client to something. You just can say “this is not the right location, but try that location instead”. But it’s not guaranteed that the client will send the same request or another request to that new location. And telling the client to add a specific header field in that subsequent request to the new location is also not possible.

Gumbo  2009-06-07 14:17:00
Thats fair, I wasn't so much after the browser sending arbitrary headers, but wondered if there was 'A' header that I could get it to send.. for example I can get the browser to send query string parameters to that url (if it doesn't go there that doesnt matter).. so why not be able to send other parameters that just aren't in the URL..
meandmycode  2009-06-07 14:23:45
That would cause security vulnerabilities. Just think of session fixation where the attacker tries to get the victim to use a specific session. He could then just say “set this session cookie with that session id”.
Gumbo  2009-06-07 14:45:04
I'm not sure I believe that argument, its the same as querystring parameters.. if your site is using them as session identifiers then thats bad.. this is purely about trying to redirect a client back PRG style, but with context about the 'id' of the original request.. in my scenario the key exists purely to identify the request instance per user.. so that if in the event of multiple posts to the form at once occured, the redirects are identifiable.. using session state is unreliable in this form.. i can do this today using query string parameters, but i really dislike using them for this..
meandmycode  2009-06-07 14:55:47
Additionally I've toyed with the cookie version, where a cookie is set in the 302, and thus sent with the subsequent request.. this 'appears' to work, when running load tests that are doing around 100 of these requests a second.. the browser so far ALWAYS does the redirected request immediately after the 302.. im sure theres no guarentees in the browsers, and that this is just due to the fast path of which this process runs through..
meandmycode  2009-06-07 14:59:03

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.