How does MS-Word open a hyperlink?

Question

I have an MS-Word document with a hyperlink. The hyperlink points at an authentication redirector on my server. When I control-click on the hyperlink, my server logs report that it

1. does a fetch with IE, then
2. fetches the redirect url with IE, then
3. launches the "default browser", which is Firefox in my case, and re-fetches the second (redirect) URL.

What gives? Is this by design?

I noticed this because my auth system is currently dependent on cookies set by the redirector. I have some ideas about using url-based auth for this bit, but I need to know what is motivating Word's behavior first.

I have some guesses but I'm looking for something authoritative (or at least a better-informed guess).

Answer 1

Unfortunately, yes. And they try to blame it on "a limitation of the single sign-on system used by the web server"...

http://support.microsoft.com/kb/899927

Answer 2

Actually, this is a "feature". If the hyperlink is to a Word document, word will attempt to download the document and open it. (You must be thinking it's IE because of the user-agent, but the request is coming from WinInet in the the Word process.)

The mess comes about when the server doesn't respond with a page, but rather responds with a redirect and cookies. Word follows the redirect to see if it's going to get a Word document, and it eventally ends up with an HTML page. It then decides that Firefox should display it, so it launches Firefox with the final redirected URL, (but without any of the cookies that the server sent).

Firefox may end up needing those cookies, if this is an SSO sign-on.