Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why are cookies unrecognized when a link is clicked from an external source (i.e. Excel, Word, etc...)

I noticed that when a link is clicked externally from the web browser, such as from Excel or Word, that my session cookie is initially unrecognized, even if the link opens up in a new tab of the same browser window.

The browser ends up recognizing its cookie eventually, but I am puzzled as to why that initial link from Excel or Word doesn't work. To make it even more challenging, clicking a link works fine from Outlook.

Does anybody know why this might be happening? I'm using the Zend Framework with PHP 5.3.

like image 438
Nick Avatar asked Apr 16 '10 14:04

Nick


People also ask

Why do some hyperlinks not work in Excel?

So there may be a chance that your excel workbook is got corrupted and thus the hyperlink inserted in it not working. To make your excel workbook accessible again you need to fix it by using reliable repair tool like MS Excel Repair Tool.

Why is my hyperlink not clickable in Word?

Hyperlinks aren't clickablePress Alt+F9 to see if there is an underlying HYPERLINK field code. You are viewing the field code (see Figure 5) instead of the field result. You are using a version that by default requires you to press Ctrl while clicking in order to follow the link.

How do you create a trust link in Excel?

Click Options. Click Trust Center, and then click Trust Center Settings. Click Privacy Options. Under Privacy Options, select or clear Check Microsoft Office documents that are from or link to suspicious Web sites check box.


2 Answers

This is because MS Office is using Hlink.dll component to lookup if the link is Office document or something else. MS Office expect to open the document linked within documents without the aid of external browser (using Hlink.dll component of IE6).

If session cookie protects website Hlink naturally is being redirected to login page and having reached HTML page and not able to "understand" it opens it in external browser. Note that it opens not original URL (expected behavior) but the result of redirect, even if it was 302 redirect.

Microsoft has that bug in unsupported component (Hlink.dll), instead of recognizing the bug they turn it over to our head (trying to convince us that it is flaw of SSO system we use, i.e. session cookies) and refuses to upgrade it. It offers workaround that turns off the lookup functionality of MS Office:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\   Office\9.0\Common\Internet\ForceShellExecute:DWORD=1 

Or offer us to workaround serverside, to avoid HTTP redirects and change into Javascript redirects or META REFRESH redirects (i.e. to have Hlink get text/html page on original URL and make it run external browser to handle it).

like image 154
myroslav Avatar answered Oct 01 '22 23:10

myroslav


We had this same problem and wrote an open source gem to help those using rails: https://github.com/spilliton/fix_microsoft_links

You can use the same approach we used on any framework though:

  1. Detect if the user agent is from a Microsoft product
  2. Render a blank html page with a meta refresh tag that will cause the browser to refresh the page with the correct cookies

Example code here: https://github.com/spilliton/fix_microsoft_links/blob/master/lib/fix_microsoft_links.rb

like image 33
spilliton Avatar answered Oct 02 '22 00:10

spilliton