handling of url redirection

Martin Atkins mart at degeneration.co.uk
Thu Feb 28 08:41:55 UTC 2008


Jonathan Daugherty wrote:
>>  This is what I was getting at- it'd be good to give users an identical
>>  experience when they sign into various OpenID-enabled apps.
> 
> Just to be clear, this is not an interop issue.  This is a matter of
> drawing the line between what is sane and what is not.  For
> pathological cases (e.g., excessive redirects) there isn't a sane
> interop behavior, only a sane fallback behavior.  +1 for
> _recommending_ a maximum number of redirects in the spec so
> implementors have some idea of what is sane.  I think any more than 10
> is pathological.
> 

It may be worth noting that some implementations have both a limit on 
the actual number of redirects and on the total time for the request, 
including all redirects. In other words, unreasonable redirects can be 
measured by the time taken to do them rather than their actual number.
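
An added example, not part of the original message or of any OpenID library: a redirect follower that enforces both limits discussed in this thread, a hop count (10, the figure suggested in the quoted text) and a single time budget covering the whole chain. The `fetch` callback, the 15-second default and the simulated transport are assumptions made for illustration.

```python
import time
from urllib.parse import urljoin

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

class RedirectLimitError(Exception):
    """Raised when a redirect chain exceeds the hop limit or the time budget."""
    def __init__(self, reason, hops):
        super().__init__("%s limit hit after %d redirects" % (reason, hops))
        self.reason, self.hops = reason, hops

def follow_redirects(url, fetch, max_redirects=10, max_total_seconds=15.0,
                     clock=time.monotonic):
    """Resolve url, enforcing a hop limit and one deadline for the whole chain.

    fetch(url, timeout) -> (status, location or None) is a hypothetical
    transport callback; timeout is what is left of the overall budget, so a
    transport that honours it cannot let one slow hop outlive the deadline.
    Returns (final_url, hops).
    """
    deadline = clock() + max_total_seconds
    hops = 0
    while True:
        remaining = deadline - clock()
        if remaining <= 0:
            raise RedirectLimitError("time", hops)
        status, location = fetch(url, remaining)
        if status not in REDIRECT_STATUSES or not location:
            return url, hops
        if hops >= max_redirects:
            raise RedirectLimitError("count", hops)
        hops += 1
        url = urljoin(url, location)  # Location may be relative

def make_fake_transport(chain, seconds_per_hop):
    """Constructed test double: chain maps url -> Location; time is simulated."""
    now = [0.0]
    def fetch(url, timeout):
        now[0] += seconds_per_hop  # pretend each request takes this long
        location = chain.get(url)
        return (302, location) if location else (200, None)
    return fetch, lambda: now[0]

if __name__ == "__main__":
    # Constructed chain: 5 slow hops trip the time budget before the hop limit.
    chain = {"http://h.example/%d" % i: "/%d" % (i + 1) for i in range(5)}
    fetch, clock = make_fake_transport(chain, seconds_per_hop=4.0)
    try:
        follow_redirects("http://h.example/0", fetch, max_total_seconds=10.0, clock=clock)
    except RedirectLimitError as exc:
        print(exc)
```

A short chain of slow hops is rejected on time well before it reaches the hop limit, which is the case a count-only limit misses.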






