When link clicked in Outlook Beta (from Office 12), extra request made to server

[john.g.norman]

If anyone from Microsoft is listening . . .

(sorry about the "yelling" . . .)

THE FOLLOWING SEEMS TO BE A BUG IN OUTLOOK IN OFFICE 12.

Using the Office 12 Beta version of Outlook:

I have a link in an e-mail.

I click it.

This brings up Internet Explorer, as expected. (I have seen this with
Outlook + IE 6 and also the new IE 7 beta.)

Note that the requested URL performs a REDIRECT.

Now here's the strange thing:

In my server logs, there are TWO requests to the page to which the
redirect is pointed.

This is pretty terrible, because a session cookie is managed by the
server. Since there are two requests, and the session is assigned after
the redirect, it means two sessions are created. The user always sees a
timeout.

Note as well that I have observed on another machine that the user
agent for one request has "Office 12" in it; the other doesn't. This
suggests that when the link is clicked, OUTLOOK is also making a
request to the clicked link, as well as IE.

 

[john.g.norman]

Microsoft, if you're listening, this seems dead wrong. Perhaps there is
an MVP who can pass this along to the right person.

Summary:

Outlook in Office 12 makes a request to a link embedded in e-mail, gets
the redirect target, and then passes the redirect target to the default
browser. This is AWFUL, because it means that the default browser will
not have the session cookie.

More on this. This is really nuts. I set up another computer, and this
time installed Firefox and made it the default browser. So the setup
is: Outlook from Office 12, IE 6, and FF (where FF is the default
browser). Below what the server log shows.

Notice how the FIRST request (this is the URL in the e-mail) is handled
by IE!! Outlook should be handling off completely to the specified
default browser, but apparently it wants to request the URL. Then IE
(embedded in Outlook) follows the redirect, and gives the REDIRECT
target to FF. NOW FF does NOT have the session cookie, and, hence, the
timeout.

204.9.220.36 - - [01/Jul/2006:15:17:17 -0600] "GET
/?mr=Ed8Y-qnjVkw5BnlLEbWmy4VsgNo HTTP/1.1" 302 - "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1)"
204.9.220.36 - - [01/Jul/2006:15:17:18 -0600] "GET /multirefSelect.html
HTTP/1.1" 200 5498 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; SV1)"
204.9.220.36 - - [01/Jul/2006:15:17:20 -0600] "GET /multirefSelect.html
HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
204.9.220.36 - - [01/Jul/2006:15:17:20 -0600] "GET /timeout.html
HTTP/1.1" 200 1655 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"

 

[Milly Staples - MVP Outlook]

Send feedback to Microsoft about the Office 2007 beta using the Send a Smile
tool:
http://www.microsoft.com/downloads/...E2-BC0F-4403-B09F-7A677D55F274&displaylang=en

You can include screenshots and details of exactly what you are seeing and
what you would expect to have happen instead. These logs are read by the
beta team daily, tracked, investigated and incorporated into the beta
feedback from technical beta testers. It does not go down a black hole.
Include your contact information if you believe more information may be
requested.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. All
unsolicited mail sent to my personal account will be deleted without
reading.

After furious head scratching, (e-mail address removed) asked:

| If anyone from Microsoft is listening . . .
|
| (sorry about the "yelling" . . .)
|
| THE FOLLOWING SEEMS TO BE A BUG IN OUTLOOK IN OFFICE 12.
|
| Using the Office 12 Beta version of Outlook:
|
| I have a link in an e-mail.
|
| I click it.
|
| This brings up Internet Explorer, as expected. (I have seen this with
| Outlook + IE 6 and also the new IE 7 beta.)
|
| Note that the requested URL performs a REDIRECT.
|
| Now here's the strange thing:
|
| In my server logs, there are TWO requests to the page to which the
| redirect is pointed.
|
| This is pretty terrible, because a session cookie is managed by the
| server. Since there are two requests, and the session is assigned
| after the redirect, it means two sessions are created. The user
| always sees a timeout.
|
| Note as well that I have observed on another machine that the user
| agent for one request has "Office 12" in it; the other doesn't. This
| suggests that when the link is clicked, OUTLOOK is also making a
| request to the clicked link, as well as IE.

 

[john.g.norman]

Milly: Thanks a ton.

 

[Milly Staples - MVP Outlook]

You are welcome.

Microsoft, I think, recognizes that even with 10,000 technical beta testers,
there will be issues that arise, both from an appearance and usability
standpoint, that we may not catch due to our disparate configurations. I
think they have made the best compromise with this tool to accommodate the
users who download the public beta and those who have direct access to
report bugs.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. All
unsolicited mail sent to my personal account will be deleted without
reading.

After furious head scratching, (e-mail address removed) asked:

| Milly: Thanks a ton.
|
| Milly Staples - MVP Outlook wrote:
|| Send feedback to Microsoft about the Office 2007 beta using the Send
|| a Smile tool:
||
http://www.microsoft.com/downloads/...E2-BC0F-4403-B09F-7A677D55F274&displaylang=en
||
|| You can include screenshots and details of exactly what you are
|| seeing and what you would expect to have happen instead. These logs
|| are read by the beta team daily, tracked, investigated and
|| incorporated into the beta feedback from technical beta testers. It
|| does not go down a black hole. Include your contact information if
|| you believe more information may be requested.
||
|| --
|| Milly Staples [MVP - Outlook]
||
|| Post all replies to the group to keep the discussion intact. All
|| unsolicited mail sent to my personal account will be deleted without
|| reading.
||
|| After furious head scratching, (e-mail address removed) asked:
||
||| If anyone from Microsoft is listening . . .
|||
||| (sorry about the "yelling" . . .)
|||
||| THE FOLLOWING SEEMS TO BE A BUG IN OUTLOOK IN OFFICE 12.
|||
||| Using the Office 12 Beta version of Outlook:
|||
||| I have a link in an e-mail.
|||
||| I click it.
|||
||| This brings up Internet Explorer, as expected. (I have seen this
||| with Outlook + IE 6 and also the new IE 7 beta.)
|||
||| Note that the requested URL performs a REDIRECT.
|||
||| Now here's the strange thing:
|||
||| In my server logs, there are TWO requests to the page to which the
||| redirect is pointed.
|||
||| This is pretty terrible, because a session cookie is managed by the
||| server. Since there are two requests, and the session is assigned
||| after the redirect, it means two sessions are created. The user
||| always sees a timeout.
|||
||| Note as well that I have observed on another machine that the user
||| agent for one request has "Office 12" in it; the other doesn't. This
||| suggests that when the link is clicked, OUTLOOK is also making a
||| request to the clicked link, as well as IE.

 

[john.g.norman]

I think the smile tool is a great idea.

This behavior is pretty deadly. If it is consistent, it means that
Outlook would produce anomalous behavior for any site that builds a
session before a redirect. This is a very common design pattern. I
haven't gotten into it yet, but there are numerous sites that do this:
If I have time, I'll make a list of some prominent ones.

The other thing is that for any business that depends on click counting
(businesses that need to provide to their customers data on the
popularity of links and so forth), this behavior means that clicks from
Outlook would get counted twice.

It really violates a fundamental implied assumption about the perceived
behavior of HTTP user agents: One click, one response.

I'm hoping it's just an oversight, and not something that has a
"reason."

You are welcome.

Microsoft, I think, recognizes that even with 10,000 technical beta testers,
there will be issues that arise, both from an appearance and usability
standpoint, that we may not catch due to our disparate configurations. I
think they have made the best compromise with this tool to accommodate the
users who download the public beta and those who have direct access to
report bugs.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. All
unsolicited mail sent to my personal account will be deleted without
reading.

After furious head scratching, (e-mail address removed) asked:

| Milly: Thanks a ton.
|
| Milly Staples - MVP Outlook wrote:
|| Send feedback to Microsoft about the Office 2007 beta using the Send
|| a Smile tool:
||
http://www.microsoft.com/downloads/...E2-BC0F-4403-B09F-7A677D55F274&displaylang=en
||
|| You can include screenshots and details of exactly what you are
|| seeing and what you would expect to have happen instead. These logs
|| are read by the beta team daily, tracked, investigated and
|| incorporated into the beta feedback from technical beta testers. It
|| does not go down a black hole. Include your contact information if
|| you believe more information may be requested.
||
|| --
|| Milly Staples [MVP - Outlook]
||
|| Post all replies to the group to keep the discussion intact. All
|| unsolicited mail sent to my personal account will be deleted without
|| reading.
||
|| After furious head scratching, (e-mail address removed) asked:
||
||| If anyone from Microsoft is listening . . .
|||
||| (sorry about the "yelling" . . .)
|||
||| THE FOLLOWING SEEMS TO BE A BUG IN OUTLOOK IN OFFICE 12.
|||
||| Using the Office 12 Beta version of Outlook:
|||
||| I have a link in an e-mail.
|||
||| I click it.
|||
||| This brings up Internet Explorer, as expected. (I have seen this
||| with Outlook + IE 6 and also the new IE 7 beta.)
|||
||| Note that the requested URL performs a REDIRECT.
|||
||| Now here's the strange thing:
|||
||| In my server logs, there are TWO requests to the page to which the
||| redirect is pointed.
|||
||| This is pretty terrible, because a session cookie is managed by the
||| server. Since there are two requests, and the session is assigned
||| after the redirect, it means two sessions are created. The user
||| always sees a timeout.
|||
||| Note as well that I have observed on another machine that the user
||| agent for one request has "Office 12" in it; the other doesn't. This
||| suggests that when the link is clicked, OUTLOOK is also making a
||| request to the clicked link, as well as IE.

 

[Patrick Schmid]

Hi John,

As it is so important issue, could you send me an email please with the
details and your findings? (you can get my email address from my
website). I'd like to make sure that a formal bug report is submitted
for this as well.

Thanks,

Patrick Schmid
--------------
http://pschmid.net

I think the smile tool is a great idea.

This behavior is pretty deadly. If it is consistent, it means that
Outlook would produce anomalous behavior for any site that builds a
session before a redirect. This is a very common design pattern. I
haven't gotten into it yet, but there are numerous sites that do this:
If I have time, I'll make a list of some prominent ones.

The other thing is that for any business that depends on click counting
(businesses that need to provide to their customers data on the
popularity of links and so forth), this behavior means that clicks from
Outlook would get counted twice.

It really violates a fundamental implied assumption about the perceived
behavior of HTTP user agents: One click, one response.

I'm hoping it's just an oversight, and not something that has a
"reason."

You are welcome.

Microsoft, I think, recognizes that even with 10,000 technical beta testers,
there will be issues that arise, both from an appearance and usability
standpoint, that we may not catch due to our disparate configurations. I
think they have made the best compromise with this tool to accommodate the
users who download the public beta and those who have direct access to
report bugs.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. All
unsolicited mail sent to my personal account will be deleted without
reading.

After furious head scratching, (e-mail address removed) asked:

| Milly: Thanks a ton.
|
| Milly Staples - MVP Outlook wrote:
|| Send feedback to Microsoft about the Office 2007 beta using the Send
|| a Smile tool:
||
http://www.microsoft.com/downloads/...E2-BC0F-4403-B09F-7A677D55F274&displaylang=en
||
|| You can include screenshots and details of exactly what you are
|| seeing and what you would expect to have happen instead. These logs
|| are read by the beta team daily, tracked, investigated and
|| incorporated into the beta feedback from technical beta testers. It
|| does not go down a black hole. Include your contact information if
|| you believe more information may be requested.
||
|| --
|| Milly Staples [MVP - Outlook]
||
|| Post all replies to the group to keep the discussion intact. All
|| unsolicited mail sent to my personal account will be deleted without
|| reading.
||
|| After furious head scratching, (e-mail address removed) asked:
||
||| If anyone from Microsoft is listening . . .
|||
||| (sorry about the "yelling" . . .)
|||
||| THE FOLLOWING SEEMS TO BE A BUG IN OUTLOOK IN OFFICE 12.
|||
||| Using the Office 12 Beta version of Outlook:
|||
||| I have a link in an e-mail.
|||
||| I click it.
|||
||| This brings up Internet Explorer, as expected. (I have seen this
||| with Outlook + IE 6 and also the new IE 7 beta.)
|||
||| Note that the requested URL performs a REDIRECT.
|||
||| Now here's the strange thing:
|||
||| In my server logs, there are TWO requests to the page to which the
||| redirect is pointed.
|||
||| This is pretty terrible, because a session cookie is managed by the
||| server. Since there are two requests, and the session is assigned
||| after the redirect, it means two sessions are created. The user
||| always sees a timeout.
|||
||| Note as well that I have observed on another machine that the user
||| agent for one request has "Office 12" in it; the other doesn't. This
||| suggests that when the link is clicked, OUTLOOK is also making a
||| request to the clicked link, as well as IE.

 

[john.g.norman]

Patrick,

The substance of what I reported to Microsoft was based on this posting
(the 2nd in the thread):

http://groups.google.com/group/micr.../a5c0adfe299a8578?tvc=1&#doc_318d0e2b00f353ff

So, to recap:

When clicking on a link, the embedded browser in Outlook seems to make
a request to the link target.

Then Outlook follows the redirect, and gives the external browser
(which might be IE 6, IE 7, Firefox -- I observed the same problem in
all of these browsers) the redirect target.

The earlier posting contains some web server log extracts.

The redirect management is extremely weird: But so is the notion that
Outlook would make a request, and then hand over the link to the
browser for a second request. That alone (two requests) is highly
problematic for any site that counts clicks.

And, as I said, the redirect phenomenon can result in the user landing
on a page without a session; and, therefore, a timeout.

An answer to the factual question, "does Outlook make a request to the
link before handing the request to the external browser" would by
itself by interesting -- and knowing why would help, too. I have not
observed such behavior in Outlook, Outlook Express, Thunderbird,
Eudora, etc.: We routinely test all of the major e-mail clients at my
company, and we've never seen anything like this.

I'm hoping it's just an oversight: Some configuration was set wrong for
the DLL for the embedded browser.

John

Hi John,

As it is so important issue, could you send me an email please with the
details and your findings? (you can get my email address from my
website). I'd like to make sure that a formal bug report is submitted
for this as well.

Thanks,

Patrick Schmid
--------------
http://pschmid.net

I think the smile tool is a great idea.

This behavior is pretty deadly. If it is consistent, it means that
Outlook would produce anomalous behavior for any site that builds a
session before a redirect. This is a very common design pattern. I
haven't gotten into it yet, but there are numerous sites that do this:
If I have time, I'll make a list of some prominent ones.

The other thing is that for any business that depends on click counting
(businesses that need to provide to their customers data on the
popularity of links and so forth), this behavior means that clicks from
Outlook would get counted twice.

It really violates a fundamental implied assumption about the perceived
behavior of HTTP user agents: One click, one response.

I'm hoping it's just an oversight, and not something that has a
"reason."

You are welcome.

Microsoft, I think, recognizes that even with 10,000 technical beta testers,
there will be issues that arise, both from an appearance and usability
standpoint, that we may not catch due to our disparate configurations. I
think they have made the best compromise with this tool to accommodate the
users who download the public beta and those who have direct access to
report bugs.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. All
unsolicited mail sent to my personal account will be deleted without
reading.

After furious head scratching, (e-mail address removed) asked:

| Milly: Thanks a ton.
|
| Milly Staples - MVP Outlook wrote:
|| Send feedback to Microsoft about the Office 2007 beta using the Send
|| a Smile tool:
||
http://www.microsoft.com/downloads/...E2-BC0F-4403-B09F-7A677D55F274&displaylang=en
||
|| You can include screenshots and details of exactly what you are
|| seeing and what you would expect to have happen instead. These logs
|| are read by the beta team daily, tracked, investigated and
|| incorporated into the beta feedback from technical beta testers. It
|| does not go down a black hole. Include your contact information if
|| you believe more information may be requested.
||
|| --
|| Milly Staples [MVP - Outlook]
||
|| Post all replies to the group to keep the discussion intact. All
|| unsolicited mail sent to my personal account will be deleted without
|| reading.
||
|| After furious head scratching, (e-mail address removed) asked:
||
||| If anyone from Microsoft is listening . . .
|||
||| (sorry about the "yelling" . . .)
|||
||| THE FOLLOWING SEEMS TO BE A BUG IN OUTLOOK IN OFFICE 12.
|||
||| Using the Office 12 Beta version of Outlook:
|||
||| I have a link in an e-mail.
|||
||| I click it.
|||
||| This brings up Internet Explorer, as expected. (I have seen this
||| with Outlook + IE 6 and also the new IE 7 beta.)
|||
||| Note that the requested URL performs a REDIRECT.
|||
||| Now here's the strange thing:
|||
||| In my server logs, there are TWO requests to the page to which the
||| redirect is pointed.
|||
||| This is pretty terrible, because a session cookie is managed by the
||| server. Since there are two requests, and the session is assigned
||| after the redirect, it means two sessions are created. The user
||| always sees a timeout.
|||
||| Note as well that I have observed on another machine that the user
||| agent for one request has "Office 12" in it; the other doesn't. This
||| suggests that when the link is clicked, OUTLOOK is also making a
||| request to the clicked link, as well as IE.