[BUG]Scampler-Posting, Authentication, Infinite Loop

Daniel Vainsencher danielv at netvision.net.il
Tue Jul 1 12:33:37 UTC 2003 

Note that HTTPSocket is going away - since mir's Network rewrite, the
proper way to implement protocols is to use Clients. So a better
direction might be to help implement the HTTPClient for the new
framework in a way that can be controlled so that the problem you
describe doesn't happen.

I'm not sure whether Michael still intends to implement HTTPClient on
his own, in which case you can help by testing and reviewing, or not, in
which case you might want to start an implementation effort yourself. If
you do, a good place to start is reading the HTTP 1.0/1.1 standards, and
the existing HTTPSocket, and trying to implement something that covers
the same ground as the HTTPSocket, but that passes unit tests based on
the standard.

Note, BTW, that Squeak already contains an HTTPClient class, but it is
something else, that will probably be renamed to keep things consistent
with the new naming scheme.

Daniel

Umur at Writeme <umur at writeme.com> wrote:
> Scenario is as follows:
> 1. You post a form (.e.g. to Swiki, etc.).
> 2. The form is successfully processed.
> 3) The result you get is a redirection to another page which has a
> different authentication (or you prefer to reauthenticate instead of
> keeping the pass around). 
> The problem becomes as follows:
> 1) At this point HTTPSocket does the redirection internally.
> 2) HTTPSocket now returns the content after redirection. This content is
> "Authorization Failed".
> 3) Now, HttpUrl object gets this content and applies
> checkAuthentication:retry: to it.
> 4) As there is a failure, HttpUrl reposts the orginal form. 
> 5) If the post action does not fail for another reason this reposting
> goes on infinitely.
> 
> For example, you can try to create a new swiki book using scamper.
> Fortunately you, as swiki does not allow you to create the same book
> twice, you will break out of this loop with a failure: "This name
> already exists". 
> 
> I could not come up with an easy solution as it is involving more than
> one heavily used class.
> 
> Note: In order to attempt form posting sensibly, you need to first
> fileIn the changeSet included in topic "[FIX] Scamper-Form Submit-umur
> ([sm][cd][et])"
> 
> Umur

More information about the Squeak-dev mailing list