I have an Asp.Net MVC 3 mobile web app and get requests fail with HTTP 302 response in Mobile Safari when app is launched using short cut on home screen.
I've nailed down root cause being in different user-agent strings sent to web server. For reference, below are three user-agent strings I use for testing:
Chrome:
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.107 Safari/535.1
Mobile Safari:
Mozilla/5.0 (iPad; U; CPU OS 4_3_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8G4 Safari/6533.18.5
Mobile Safari when launched from shortcut:
Mozilla/5.0 (iPad; U; CPU OS 4_3_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8G4
There are two actions in web app: Login and Main. User is required to authenticate using Login (forms authentication is used), before accessing Main. After signing in user is automatically redirected to Main (redirect is done using js, authentication is done via XmlHttpRequest).
There are couple cases that help grasp what's exactly going on:
1. Restart IIS Express
2. Open Fiddler
3. Login to web app using Chrome
4. In Fiddler drug & drop get request to Main to request builder
5. Change user agent string to Mobile Safari and execute
6. Verify Response 200
7. Change user agent string to Mobile Safari Shortcut and execute
8. Verify Response 200
9. Change user agent back to Chrome and execute
10.Verfiy Response 200
So far so good, but if we change the order of operations 5 and 7:
1. Restart IIS Express
2. Open Fiddler
3. Login to web app using Chrome
4. In Fiddler drug & drop get request to Main to request builder
5. Change user agent string to Mobile Safari Shortcut and execute
6. Verify Response 302
7. Change user agent string to Mobile Safari and execute
8. Verify Response 302
9. Change user agent back to Chrome and executre
10.Verfiy Response 200
So, it looks like when sending Mobile Safari Shortcut user-agent string first, all subsequent attempts to access Main from Mobile Safari will fail. I know described behavior may sound crazy, but I asked couple more people to look into this and confirmed that it indeed is.
Apparently it may have something to do with forms authentication. I tried setting non persistent cookie as someone suggested with no luck. Besides, as can be seen in test cases all requests used to reproduce a bug send authentication cookie acquired by Chrome and the only difference in all those requests was a user-agent string.
What other choices except from debugging an Asp.Net MVC framework code do I have?
Any help would be much appreciated!
OK, it's finally resolved. It turned out to be a dupe of ASP.NET user-agent sniffing and IE10 (Internet Explorer 10). Apparently, iOS shortcut user-agent string is not recognized either. Hope, it helps someone.