Gunnar Peipman – Programming Blog

User controls should never make redirects during GET request

Why is my page redirecting me back to front page although it gets all the data it requires? I was going out of my mind when exploring the problem in one system but this time there was really simple answer: you cannot fully trust the code written by n00bs. Okay, here is my story.

Suppose you have page with some user controls. Something like this.

Product page

There are some URL parameters that user controls use to make sure what data they need to show. I added new context: instead of numeric ID there is another unique parameter that can be used to detect products. ctlFeatured and ctlShoppingCard are written by good coders and ctlDiscount is written by not so well performing dude. After changes everything seems to work, tests show that page gets correct content etc but user is redirected to front page: this the default behavior for missing data (we have our own reasons why it is good).

I was debugging and debugging and everything seems to work fine – but still something redirects me away. Then I started to think about user controls on page. Maybe there is really something horrible done… and I was correct. ctlDiscount was my main suspect because it contains spaghetti code that was not audited yet. What was the problem? Simple – if there is no ID given by URL then redirect user away! This is bad mistake!

User controls should make redirects only during post backs initiated by some of their hosted controls. User controls should never make redirects during GET request.

If user control gets not enough data then it should write entry to error log about it and then hide itself or show error message (or warning). And… never trust the code written by n00bs!

Tweet about this on TwitterShare on FacebookShare on LinkedInDigg thisShare on RedditShare on StumbleUpon

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>