internet-explorer http-redirect single-page-application http-status-code-302 siteminder

URL fragment removed by IE after 302 login redirect

We use SiteMinder authentication in our application.

If app user tries to navigate to a particular page https://ourapp.com/myapp/#/pending/requests in our app via direct URL or via bookmarked URL, SiteMinder will redirect to a login page via 302 redirect similar to http://ourapp.com/login?redirect=https%3A%2F%2Fourapp.com%2Fmyapp%2F#/pending/requests asking for user to enter credential in a login form. After successful authentication, user should be redirected to our app and land on the requested page(/pending/requests).

It's working absolutely fine in Chrome and Firefox. When it comes to IE it's landing on https://ourapp.com/myapp/#/home (default landing page) instead of https://ourapp.com/myapp/#/pending/requests.

I have tried various solutions provided in google search results in our app code like,

Removing <base> tag in index.html
Adding below lines of code at top of the page

// setting location back
window.location = window.location;

// setting location hash back
window.location.hash = window.location.hash;

Few other solutions similar to above

Though this Q & A perfectly makes sense,

I still want to preserve the URL hash fragment in IE even it's 3xx redirect for my requirement...!?

Solution

Answering my own Question

I figured out that after successful authentication, SiteMinder is doing 302 redirection to user requested application page by using login form hidden variable value (where it stores user requested URL /myapp/ - without hash fragment since it won't be sent to the server) with name similar to redirect. Sample form below

Since redirect hidden variable value contains only /myapp/ without hash fragment and it's a 302 redirect, the hash fragment is automatically removed by IE even before coming to our application and whatever the solutions we are trying in our application code are not working out.

IE is redirecting to /myapp/ only and it is landing on default home page of our app https://ourapp.com/myapp/#/home.

Have wasted almost a day to figure out this behavior.

The solution is:

Have changed the login form hidden variable (redirect) value to hold the hash fragment by appending window.location.hash along with existing value. Similar to below code

$(function () {
  var $redirect = $('input[name="redirect"]');
  $redirect.val($redirect.val() + window.location.hash);
});

After this change, the redirect hidden variable is storing user requested URL value as /myapp/#/pending/requests and SiteMinder is redirecting it to /myapp/#/pending/requests in IE.

The above solution is working fine in all the three browsers Chrome, Firefox and IE.

Thanks to @AlexFord for the detailed explanation and providing solution to this issue.