Getting some strange IE behaviour when redirecting a user to an HTTPS site where for one reason or another there is a certificate error.
Whilst our certificates are good, sometimes our end customers don't have updated root certificates or there may be other reasons for the problem. Whilst you'd expect the warning to appear to tell you the certificate is bad, if you choose to accept the warning and proceed at risk, then the 302 response which led to you that site gets lost and instead the previous page is reloaded or processed again.
This simple IIS web site demonstrates the problem by just visiting this page load once and redirecting to an SSL site with an invalid certificate.
protected void Page_Load(oject sender, EventArgs e)
{
var setting = Session["BeenHereBefore"];
if (setting == null || setting.ToString() == String.Empty)
{
Session["BeenHereBefore"] = "BeenHere";
System.IO.File.AppendAllText("C:\\LogFiles\\302RedirectTest\\log.txt", Environment.NewLine + "Invoking redirect");
Response.Redirect(https://www.somesite.com/mypage.aspx);
}
else
{
// Session already set by this page
System.IO.File.AppendAllText("C:\\LogFiles\\302RedirectTest\\log.txt", Environment.NewLine + "Back in the same place after being redirected");
Session["BeenHereBefore"] = "";
Response.Write("<HTML><BODY><P>So this URL has already been visited in this session</P></BODY></HTML>");
}
}The output from the log file is:-
Invoking redirect
Back in the same place after being redirected
This doesn't happen with Firefox (don't know about other browsers). Using IE11 but occurs on most recent IE browsers.
Can anyone offer an explanation for this or is this an IE bug?
