Following links from MS Office documents
We’ve had some problems with links embedded in MS Office documents. The symptom is that when you click the link, you’re bounced to the login page even though you’re already logged in, and after logging in again, you’re dropped on the front page rather than the page you wanted. Copy-pasting the URL manually works perfectly.
The problem has appeared both on Mac and Windows in certain configurations, though the only reference I’ve found on the web is about the Mac. It happened both with Basecamp, as well as with the web app I’d developed.
What happens is that the first time the URL is requested, the cookies aren’t sent along, and so the server redirects to the login page, storing the URL that you really requested in the session on the server, rather that in the browser, in the URL of the redirect. That’s the first problem. Because then when the login page is requested, the old cookies which were there all the time are suddenly sent along correctly. But that also means that your session cookie changed, and the information about which page you were trying to get to is lost.
Thankfully, the fix is simple:
- First, instead of storing the URL in the session, pass it as a query parameter. It’s not as pretty, but, hey, it works.
- Second, on the page that is being redirected to, the one that would normally show the login page, check if the user is already logged in, and if she is, and the request parameter is present, just redirect them to that without showing the form.
With these two changes in place, links in MS Office documents now work every time on every platform. Provided, of course, the page is actually still there.
UPDATE: An additional nugget of information: It seems that regardless of your default browser, the first two requests will come from IE, and then only the later ones come from your default browser.
UPDATE 2: Credit where credit is due: The packet sniffing to figure out what’s going on was done by Ximon Eighteen at Greenpeace. I used to not be allowed to mention in public that I work for them , that’s why I didn’t, but now that Martin’s blogged this, I figured I’d give Ximon the credit in public.