Ian Bicking and Geoffrey Talvola wrote:
> > I'll take a guess. I think IIS is probably doing an "internal
> > redirect" in which case the browser never sees the original reply
> > and therefore never gets the cookies. The built-in http server
> > doesn't do internal redirects but always sends them back to the
> > browser.
> > Are you using a relative URL to do the redirect? If so, try using a
> > full absolute URL instead:
> > self.response().sendRedirect('http://foo.com/webkit.cgi/MyServlet')
> > and this might force IIS to send the redirect all the way back to
> > the browser, along with the session ID.
> You can probably also fix an internal redirect by setting the status
> code, like:
> self.response().setHeader('Status', '307 Temporary Redirect')
First of all, thanks to all for their help.
Problem's cause seems to be IIS "internal redirect" indeed.
I've tried all ideas posted and ended with the following:
1. Both full absolute URL and setting HTTP Status to 307 don't help.
2. Geoffrey's trick of pasting _SID_ into the redirect url DOES work.
3. To hide the _SID_='...' from client I added a small trick to the B's
This clears the _SID_ field from the request.
I've got another problem but that deserves a separate post. ;)