[Chilli] Infinite redirect loop

Ryan Day ryan.day at cirrusworks.net
Tue Nov 29 15:13:07 UTC 2011


I've seen a problem with some of my Coova installations where I get an
infinite redirect loop, typically after a RADIUS timeout and the user is
still making web requests. This happens if there is a WISPr Redirect URL
set and the user tries to log back in after the timeout. What seems to
be happening is the initial redirect to the UAM page (which is offsite)
is being replaced with the previously assigned WISPr Redirect URL. For
example when printing out my redirect url in the logs, it looks like:

http://my.wispr.redirect.com/?loginurl=http%3a%2f%2my.uam.authentication.com%2fhotspotlogin.php

Since my.wispr.redirect.com is not allowed yet in this session(radius
timeout has occured and I'm logged out), I am redirected again, and
again, and again. I should be redirected to
http://my.uam.authentication.com, but it looks like something is getting
crossed.

I've had this problem across several versions (1.2.2, 1.2.5 and 1.2.8)
and I've been working on it with 1.2.8. After some experimentation, I've
made a change in redir.c on line ~4035(I've added extra debugging):

-    char * base_url = (conn.s_params.flags & REQUIRE_REDIRECT &&
-                       conn.s_params.url[0]) ? (char
*)conn.s_params.url : redir->homepage;
+    char * base_url = redir->homepage;


This doesn't cause any redirection issues, and I can't simulate the
infinite redirection loop any more. However, I'm not very familiar with
the code so I'm not sure if this has any undesirable side effects that I
just haven't seen yet.

Has anyone else seen this problem? What am I losing by change the
conditional when determining the base url?


More information about the Chilli mailing list