Comments on Entity Crisis: Form Authentication and REST

Anonymous, 2007-08-14T10:03:00.000+08:00

That gives me an idea. A framework could store an unauthenticated request in a session variable, redirect to a logon form, then replay the request afterwards. This way, for all intents and purposes everything is RESTful, plus the referer would reflect the original referer, not the logon form.

Steve (https://www.blogger.com/profile/15732819755000554717), 2007-05-02T02:28:00.000+08:00

If you are going far enough to redirect the user back to their original page after login then ideal behavior would be for the login page to proxy the original request, be it a GET or a POST, and return the result as the output from the login submission.

Once the client gets involved it's going to get either POST redirects or GET redirects wrong, and both are potential application failures.

I've not come across a system that does that yet. ASP.Net lamely does a GET redirect, as do most other systems I've come across that bother to do anything.

lbruno (https://www.blogger.com/profile/13975437897556488014), 2007-05-02T01:23:00.000+08:00

I'd do the same, Peter.

But let's see this scenario: I've just POSTed a comment to a blog post, but I wasn't logged in. After successfully logging in, my initial POST handler should be done.

Does this even require an external redirect?
My first attempt at this was to recreate (at the login form) the submitted information. But file-uploads don't work that way.

My idea: save all information needed (including temporary file uploads) and call our POST after successful authentication.

Anonymous, 2007-05-01T12:45:00.000+08:00

I'm *far* from a web guru, but this sounds inherently broken to me.

I *think* the right thing to do would be to do a redirect-after-post, i.e., the login form posts to somewhere, which returns a 301 (or whatever) redirect back to the original URL. The login form shouldn't POST back to the original URL.

I'm probably wrong though.