Simon icon Simon
Flexible server monitoring

HTTPS test failing with too many redirects because of Cookie support

I have Simon doing a bunch of HTTPS tests very successfully, but one that I just added is not working: Simon reports "too many HTTP redirects" and fails it.

This is a vendor-provided ASP system, so there's not much that I can do to change it...I just have to deal with it.

What I've found in general is that a browser or whatever is doing HTTPS *doesn't* support Cookies, you will get into a "too many redirects" situation, since when Cookies aren't working this system sends a redirect back to itself.

When Cookies *are* working properly, however, it returns the normal desired login page.

The problem is that while all browsers that I've tried work, and cURL (when used with Cookie support) works fine, Simon fails. Simon does see the Cookies and records them, but somehow it's not supporting Cookies in the same way that browsers and cURL do, so it just keeps getting the redirects.

The URL that I'm testing for is just a login prompt for this system, called "ResourceScheduler": the URL is https://schedule.cciu.org/resourcescheduler/login.asp

If you put that in a browser, you will get the login page.

If you use cURL with it, using Cookie support, you will get the login page:
$ curl -c cookies.txt -b cookies.txt -k https://schedule.cciu.org/resourcescheduler/login.asp

If you try to use cURL *without* Cookie support, you get the redirect:
$ curl -k https://schedule.cciu.org/resourcescheduler/login.asp
Object moved

Object Moved

This object may be found here.

Simon's HTTPS test will work once, and it records the cookies. But subsequent checks always fail, even though the cookies are showing. I've tried deleting Simon's cookies, checking or unchecking the Write checkbox for the cookies, but nothing seems to work....after the first check, it always fails.

Any ideas? Feel free to hit that login page for testing: it's a public system.

Thanks,
John

JohnDCCIU's picture

Re: HTTPS test failing with too many redirects because of ...

Oops, forgot to put the code tags around the redirect stuff (and the Forum server wouldn't let me edit the original message any more, kept saying that I triggered the Spam filter, with no offer to enter the Captcha). So here's what that part look like:

If you try to use cURL *without* Cookie support, however, you get the redirect back to itself.

$ curl -k https://schedule.cciu.org/resourcescheduler/login.asp
<head><title>Object
moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="login.asp">here</a>.</body>

David Sinclair's picture

Re: HTTPS test failing with too many redirects because of ...

I've confirmed the issue. I don't have time to investigate further right now, but have made a note for when I'm next working on Simon (which may be soon if we do that email cycle feature).

In the meantime, a workaround would be to crate a Script-based service to use the curl call that works.

David Sinclair's picture

Re: HTTPS test failing with too many redirects because of ...

I've solved this. Simon was sending an empty Cookies:"" header. But it turns out that the server works correctly if I don't send cookies at all when there aren't any to send.

Hopefully this change won't break any other sites. I'll test it myself, and provide you with an alpha build. If all looks okay, the beta cycle will give it further testing.