We are getting reports from a small number of users that they are ending up on very strange paths in our web app, of the form:
https://www.example.com/(F(1xe9eXIxPzMALrZu6xd_6LBxDDlJI3lH2lkSvREZZKCfPBH20SF5EcNql6uXvyBVLgiNZshp9vXxaEzuLa5zm8c4ruux6gqu3B90eXGNmKDypu-wKR4OW_GwQctfjCdoxFYcDlLwglfE6rICL3JGkxtq4jgxggiQgJopKZGzLJ_PF2lHY7NqXya8eDshkP9o8QFDad47U54TMsxEwKCki2xPV9d9VxxjmDhNg7aQb38X_OTxHtf9I7AxiccanJf4m0bo0ceEJ70Mv20XYaMSlA2))/some/path
(Note: I’ve changed random chars in that in case it’s some kind of security leak, so don’t bother trying to decode it – although if doing so might be helpful, please tell me what I’m looking for so I can do it on the real URL).
This causes a 400 in IIS, but IIS doesn’t log it, so I have no idea of the referrer etc.
From what our users describe, it’s being caused at this step:
return Redirect("/some/path");
(which is in an ASP.NET MVC 2 Controller Action).
The site is running on IIS 7.5 under SSL.
Any ideas? I’ve never seen anything like this :s
Update:
I also have ISAPI rewrite installed, with the following .htaccess:
RewriteEngine on
AllowOverride All
# Ensure that all traffic on the live domain is enforced as HTTPS
RewriteCond %{HTTP:Host} (.*)
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (.*)
RewriteRule .? https://%1%2 [R,L]
Take a look at Understand How the ASP.NET Cookieless Feature Works:
and further down:
Probably some of your clients block cookies.
EDIT:
That said, that URL you’ve posted seems excessively long. Maybe the MVC internals or the URL rewriting interact with it badly for whatever reason.
Question MVC2 Cookieless Session Issue using POST might be somewhat related.
EDIT2:
This thread seems to also be related to your problem: http://forums.asp.net/t/1612673.aspx.
The author mentions that
because apparently
Might be a long shot, but worth a try.
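An added example, not part of the original question or answer: a small Python helper that recognises an ASP.NET cookieless segment such as the `(F(...))` in the URL above and strips it before the URL is logged or shared, since the value stands in for a cookie. It assumes the `A(...)`, `S(...)`, `F(...)` prefix scheme (anonymous ID, session ID, forms-authentication ticket) described in the cookieless article the answer cites; all sample paths and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

# Assumed prefix meanings, per the cookieless-feature article cited in the answer.
KINDS = {"A": "anonymous-id", "S": "session-id", "F": "forms-auth-ticket"}

# One path segment of the form /(X(value)Y(value)...) followed by "/" or end of path.
SEGMENT = re.compile(r"/\(((?:[A-Z]\([^()/]*\))+)\)(?=/|$)")
FIELD = re.compile(r"([A-Z])\(([^()/]*)\)")


def split_cookieless(path):
    """Return ({kind: value}, path_without_segment) for a request path."""
    m = SEGMENT.search(path)
    if not m:
        return {}, path
    fields = {KINDS.get(k, k): v for k, v in FIELD.findall(m.group(1))}
    clean = path[:m.start()] + path[m.end():] or "/"
    return fields, clean


def redact_url(url):
    """Strip the cookieless segment from a full URL; report which kinds were present."""
    parts = urlsplit(url)
    fields, clean = split_cookieless(parts.path)
    return urlunsplit(parts._replace(path=clean)), sorted(fields)


def summarize(paths):
    """Count how often each kind of cookieless token appears in a list of paths."""
    return Counter(kind for p in paths for kind in split_cookieless(p)[0])


# Constructed sample paths (not taken from any real log).
SAMPLE_PATHS = [
    "/(F(CONSTRUCTED_ticket-123))/some/path",
    "/app/(A(anon01)S(sess02))/page.aspx",
    "/some/(path)/unchanged",
    "/(S(sess03))",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, "->", split_cookieless(p))
    print(dict(summarize(SAMPLE_PATHS)))
```

If the application should never fall back to URL tokens, the `cookieless` attribute on the `<forms>` and `<sessionState>` elements in web.config can be set to `UseCookies`.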