talexb has asked for the wisdom of the Perl Monks concerning the following question:

I've been building and supporting a web application for over three years that uses AuthCookieDBI for authentication. Today my SysAdmin showed me that on his Mac, he is unable to log in from Safari, version 2.0.3.

A good login looks like this:

192.168.0.249 - - [16/May/2006:10:12:42 -0400] "GET /LOGIN?credential_0=user&credential_1=password&status=Sign+on&destination=%2Fcgi-bin%2Fstart.cgi HTTP/1.1" 302 296 "https://foo.com:16900/cgi-bin/start.cgi" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3" 159905

and the bad login looks like this:

192.168.0.249 - - [16/May/2006:10:35:18 -0400] "GET /LOGIN?------------0xKhTmLbOuNdArY%0D%0AContent-Disposition:%20form-data;%20name=%22credential_0%22%0D%0A%0D%0Asupport%0D%0A------------0xKhTmLbOuNdArY%0D%0AContent-Disposition:%20form-data;%20name=%22credential_1%22%0D%0A%0D%0A247oldM1ll%0D%0A------------0xKhTmLbOuNdArY%0D%0AContent-Disposition:%20form-data;%20name=%22status%22%0D%0A%0D%0ASign%20on%0D%0A------------0xKhTmLbOuNdArY%0D%0AContent-Disposition:%20form-data;%20name=%22destination%22%0D%0A%0D%0A/cgi-bin/start.cgi%0D%0A------------0xKhTmLbOuNdArY--%0D%0A HTTP/1.1" 403 2214 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3" 487907

It almost looks like the data stream is getting encoded into the URL. Has anyone seen this problem before?

Alex / talexb / Toronto

"Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds

Re: OT: Safari and AuthCookieDBI
by samtregar (Abbot) on May 16, 2006 at 17:10 UTC
    That looks like a POST request squeezed into a GET request query string. Most bizarre. Is the page submitting this doing anything strange in Javascript? Like changing form.method midstream, perhaps?

    -sam

      Nothing that I know of .. it's a relatively bog standard login page. I use

      <form enctype="multipart/form-data" method="get" name="login_form" action="/LOGIN">
      to open the form .. the submit control and a hidden field are very ordinary.

      Well, it looks like nothing's going to happen .. since it's doing something non-standard, we just won't support it. Frustrating. Thanks for your reply.

      Alex / talexb / Toronto

      "Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds

        Try dropping the enctype, I bet that's the problem. That enctype (multipart/form-data) is only supposed to be used for POST requests. A sane browser would just ignore it for a GET, but I guess Safari is having an off day! Alternately, change the form to use POST instead of GET, which should also fix it.

        -sam
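
The diagnosis in this thread (a multipart/form-data body percent-encoded into a GET query string) can be checked mechanically against an access log. The Python below is an added example, not code from the thread or from AuthCookieDBI; the function name, boundary string and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

# Request line of an Apache combined-format access-log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# One multipart part: the header naming the field, a blank line, the value.
PART_RE = re.compile(
    r'Content-Disposition:\s*form-data;\s*name="(?P<name>[^"]*)"'
    r'\r\n\r\n(?P<value>.*?)\r\n', re.S)

def multipart_in_query(log_line):
    """Return {field: value} when the request's query string carries a
    percent-encoded multipart/form-data body; otherwise return None."""
    m = REQUEST_RE.search(log_line)
    if not m or "?" not in m.group("target"):
        return None
    query = unquote(m.group("target").split("?", 1)[1])
    boundary = query.split("\r\n", 1)[0]  # first decoded line is the delimiter
    if not boundary.startswith("--") or "Content-Disposition:" not in query:
        return None
    fields = {}
    for part in query.split(boundary):
        pm = PART_RE.search(part)
        if pm:
            fields[pm.group("name")] = pm.group("value")
    return fields

# Constructed sample input (not the log lines from the post).
_FIELDS = {"credential_0": "alice", "credential_1": "example-pass",
           "status": "Sign on", "destination": "/cgi-bin/start.cgi"}
_B = "------------ExAmPlEbOuNdArY"
_BODY = "".join(
    f'{_B}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
    for k, v in _FIELDS.items()) + _B + "--\r\n"
SAMPLE_BAD = ('192.0.2.10 - - [16/May/2006:10:35:18 -0400] "GET /LOGIN?'
              + quote(_BODY, safe="/:;=")
              + ' HTTP/1.1" 403 2214 "-" "ExampleBrowser/1.0"')
SAMPLE_GOOD = ('192.0.2.10 - - [16/May/2006:10:12:42 -0400] "GET /LOGIN?'
               'credential_0=user&credential_1=password&status=Sign+on'
               '&destination=%2Fcgi-bin%2Fstart.cgi HTTP/1.1" 302 296 '
               '"-" "ExampleBrowser/1.0"')

if __name__ == "__main__":
    for line in (SAMPLE_GOOD, SAMPLE_BAD):
        hit = multipart_in_query(line)
        # Report field names only, so the report does not repeat the values.
        print("multipart-in-query:", sorted(hit) if hit else "no")
```
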