Force browser to drop #hash from the URL when sending redirect

Question

I am running into an issue with a persisting part of the URL, let's call it #x that is used for navigation. I have an AuthenticationFilter on the server side that will redirect users to a login page. The issue is that I can't get this #x to go away. On the server side when I step through the Java code that does the redirect, I see the URL as /login?redirectUrl=%2Fprevious%2Flocation. However, on the client side this is actually /login?redirectUrl=%2Fprevious%2Flocation#x. I understand that this data is actually never sent to the server. My question is how do I force the server to tell the client to drop it? Do I have to switch to client-side redirects?

Answer 1

This is answered in a couple of questions like here - URL hash is persisting between redirects. I ended up doing a client-side redirect to avoid the issue.

Answer 2

Hashes are never sent to server. So if you request an url like example.org/my-account-overview#profile the server only gets as requested resource the url example.org/my-account-overview

If you send a redirect instead the browser should request the new url and adds the hash and the value after tha hash itself and automatically.

Answer 3

Odds are that some javascript on your browser side is actually adding that #x, you'll need to fix that on the browser side.

To verify this, use the browser inspection tools + the network tab to see the actual request + response headers that are being sent both by the browser and the server.

If the server sends something like a 302 Redirect its response Location header will contain the URI that it wants the browser to use. If that URI doesn't contain the #x then you know that something on the browser itself is adding the #x.

While it is possible for a server to send the #x in its Location response header, the browser will never send this back to the server.