[Catalyst-dev] Keeping flash alive across RequireSSL redirects?

[Jesse Sheidlower]

I was recently struck by a testing nightmare that derailed me
for quite some time, until a very long debugging session with
a Real (tm) programmer led me to the answer.

The basic situation is that I had a test that failed, despite
working fine in the browser; I was creating a new user, and
checking to see that the view page to which the creation
routine redirected had an "Item created!" message. This worked
in the browser, and dumping the database and the mech object's
contents showed that the item had been created in the database
and was being properly displayed in the view page, just
without the message.

It turns out that what was happening was that the add-user
page was wrapped in ssl with the RequireSSL plugin, but the
view-user page was not, so the app went from the add page to
(staying in https) an https view page, which discharged the
flash message but did not display the page, as RequireSSL then
redirected to a non-https view page, which had the correct
contents but no more flash message.

I haven't looked at the internals, not being an internals kind
of guy, but it does seem pretty clear that this is what was
happening. (Setting remain_in_ssl to 1 caused the test to
pass, also.)

Oh, and the reason this worked fine in the browser--and this
should be obvious by now--is that I was using the test engine,
which doesn't run under SSL, so no redirection.

I'm curious to hear any thoughts about this, but I'd think
that altering RequireSSL so that it maintains the flash data
across an SSL-related redirect would be a good thing to do.

Jesse Sheidlower