World: r3wp

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 19 Aug 2009 07:41:04 GMT
Expires: Wed, 19 Aug 2009 07:41:04 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: GFE/2.0
Via: 1.1 bc3
Content-Length: 0
Connection: Keep-Alive
Set-Cookie: cookies here ... 

Set-Cookie: user=; Expires=Tue, 18-Aug-2009 07:41:04 GMT; Path=/; 
HttpOnly

Set-Cookie: login=; Expires=Tue, 18-Aug-2009 07:41:04 GMT; Path=/; 
HttpOnly

Reading about etags now ...

It's not the document that needs to send back the etag as it never 
even gets that far.

So, perhaps I need to set the etag in the page that lists links?

why do u have Content-Length: 0 ?
this is not valid Set-Cookie: cookies here ...

I scrubbed the cookies from the response

this is returned by googledocs

are u reverse proxying ?

no proxies

made the etag settings ... not helping so going to do a wireshark 
trace to see if I am setting it

what if you add
response/set-header 'Expires "-1"

it's caching the whole page ... so it won't see the etags

headers you pasted are not coming from cheyenne but from google server, 
you can't control them

just to understand, you generate a file and u upload to googledocs, 
then requests it from google server?

frustrating .. can't get a trace

Yes, that's correct.

but chrome is not executing the rsp script ... as far as I can see.

I think I'll just stick with putting a time stamp on each request 
to foil the cache

Or just stick with FF / IE.

then this has nothing to do with cheyenne, add something like
join %? checksum form now/precise ad the end of requested url

if it is the rsp script that doesnt get executed , please paste headers 
from rsp response

?t= url-encode form now/time/precise

which rsp response?

you said "but chrome is not executing the rsp script ... as far as 
I can see."

yes, I put a ?? in the script and it doesn't log.

so that is the rsp you request that generate the file and upload 
it to google

yes

I'd like to see the response headers of that request , not those 
from requesting the uploaded file

thi sis the link http://gchiu.no-ip.biz:8000/md/creategoogledoc.rsp?gdoc=simple-letter.rtf&patientid=2832&encounter=none

but the page does not get executed

I can't go past http://gchiu.no-ip.biz:8000/md/login.rsp  8)

When I click on that link ... it supposed to execute a script when 
then sets the response/redirect

so there is no response from cheyenne .. only from google

with a redirect and wireshark, u should see both response headers, 
your browser is requesting two resources, one form Cheyenne, one 
from the redirected url

You'd think so .. but the pcap dump is only showing the googledocs 
response

if u private msg me a login/pas I can give it a look

impossible, that is not how it works, cheyenne responds with a redirect, 
that is an answer and has a header, the the browser request the redirected 
url from google server

I need to see headers of the redirect response sent from Cheyenne, 
the problem may be there, if that response hasn't proper Expire, 
etc.. headers it may get cached by Chrome, and thus the behaviour 
u see

this is the request


GET /md/creategoogledoc.rsp?gdoc=simple-letter.rtf&patientid=2832&encounter=none 
HTTP/1.1
Host: gchiu.no-ip.biz:8000

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.2) 
Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://gchiu.no-ip.biz:8000/md/Listgoogledocs.rsp
Cookie: RSPSID=QZPTPCZIWWMMYBKWHWRQETGM

I need the response not the request 8)

Yes .. I know ... that was the end of the "follow tpc stream"

umm.. now that sessions are bound to ip I can't hijack your session 
to check that out ;-)

got to go, either paste here response headers from cheyenne or private 
msg me a temp user/login. in the meantime just add a timestamp parameter 
to the response/redirect url

timestamp also for the rsp url

http://www.compkarori.co.nz:8000
userid/pass Guest/Guest

You won't be able to create a googledoc though as it requires that 
your google credentials are stored!

My reported problem: Doc, I'm not using VALIDATE nor do I check the 
parameters. Do I have to? I thought Cheyenne does this implicit.

I expect the problem with the parameter to force the seen side-effects. 
So before going into deeper analysis I want to fix the parameter 
problem. Any guide how to handle parameters correctly?

Robert, how can Cheyenne know that "quantity" must be an integer! 
value if you don't tell it? Cheyenne can't validate that implicitly, 
you have to either use VALIDATE (see API doc) or make your own checking 
routines. By default, all your GET or POST  parameters are treated 
as string! value. If you need to check for their presence or need 
to convert them to another datatype, you have to validate the format 
so that it doesn't error out (or worth, let an hostile request pass).

I've created a dummy google account so that people can try this out