3

I'm running into a situation where Safari on iOS 6 (haven't tested earlier versions) is sending values in POST data that do not exist as form inputs in the current page, but were sent in previous POSTs to the same URL.

Here's the scenario:

  1. User is sent to a URL for a login page with some query parameters, let's say /login?x=1,y=2
  2. User enters incorrect credentials, is presented the login page again with x and y embedded in the form as hidden inputs.
  3. User hits the "back" button in Safari, which GETs /login. The values of x and y are now lost and are not included as hidden form inputs.
  4. The user enters incorrect credentials again, and here's where it gets weird. The POST data that comes through contains the username and password the user just entered, as well as the previously submitted value of x, but not y. In this specific web app, the presence of x without y is an invalid state for this specific POST and results in an error.

I have verified that Safari is actually doing a GET rather than using a cached version of the page in step 3.

For what it's worth, I have the Cache-Control response header set to no-cache, no-store, must-revalidate

UPDATE: I went ahead and filed a bug with Apple to ensure they're aware of this. If I receive any feedback I'll post it here.

markcummings
  • 31
  • 3
  • AFAIK this is a known bug (some days ago I saw a similar question on SO and one of the answers stated that it was a bug). –  Oct 19 '12 at 18:59
  • Can you point me to that question? – markcummings Oct 19 '12 at 19:49
  • euh, good question, sorry but not off of the top of my head. However I'm sure it was stated in there that there has already been a bug report filed to Apple targeting this issue. –  Oct 19 '12 at 20:00
  • @markcummings any updates on the issue? I have seen this happen recently in an app I have been working on. – Sabeen Malik May 23 '13 at 07:14
  • solved in this: http://stackoverflow.com/questions/12506897/is-safari-on-ios-6-caching-ajax-results –  Feb 18 '14 at 23:12

0 Answers0