
The KnitPicks website has long been bedeviled by an Internet Explorer bug feature which sent you through an endless loop when trying to log into their site. However, a Ravelry user has noticed that Knit Picks finally implemented a fix.
Internet Explorer users rejoice – now you can log in to make purchases!
Background: Formerly, when you tried to log into the Knit Picks website using Internet Explorer, you were redirected back to the same login page again. This problem did NOT occur when using Firefox, Opera, or any other sane browser.
Believe it or not, this behavior is actually a security feature. On June 5, 2000, Microsoft published the fateful security patch MS00-039. (The patch was later incorporated into Internet Explorer 6.) This patch was meant to prevent “Man in the Middle” attacks.
To grossly over-simplify: in a Man in the Middle attack, while your browser is being directed from one site to another, it gets hijacked by EVIL EVIL HACKERS. (Crackers.) Microsoft’s security fix prevents this by detecting a URL redirect, and automatically sending you back to the original page.
The problem of course is that URL redirects aren’t always malicious. For example, you may go to http://knitpicks.com instead of http://www.knitpicks.com. If you then went to the KnitPicks secure login page, the URL would be https://knitpicks.com/login.asp.
When you log in, you’re automatically redirected from https://knitpicks.com to https://www.knitpicks.com. At that point Internet Explorer squeals, “OH NO HACKERS, HELP!!!” and goes back to your original URL – https://knitpicks.com/login.asp – where you’re faced with the same blank login screen.
KnitPicks finally worked around this problem by implementing a top-level URL redirect. Now when you go to http://knitpicks.com you’ll notice that you’re automatically redirected to http://www.knitpicks.com first thing. (Since this redirect doesn’t happen on an SSL-secured page, Internet Explorer doesn’t object.) Since KnitPicks is using IIS, I assume they implemented the Microsoft version of an htaccess file.
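The loop and the workaround described above can be modelled in a few lines. This is an added example, not code from KnitPicks or from the original post: the client rule is the behavior as this post describes it, and the function names and the post-login landing URL (`https://www.knitpicks.com/`) are assumptions.

```python
from urllib.parse import urlsplit

CANONICAL_HOST = "www.knitpicks.com"
POST_LOGIN_URL = f"https://{CANONICAL_HOST}/"  # assumed landing page after login


def login_page_for(entry_url, canonicalize_at_entry):
    """URL of the login page the visitor ends up on.

    With the fix, the bare domain is redirected to the canonical host on the
    first plain-HTTP request, so the login page is served from that host.
    """
    host = urlsplit(entry_url).hostname
    if canonicalize_at_entry:
        host = CANONICAL_HOST
    return f"https://{host}/login.asp"


def client_rejects(src_url, dst_url):
    """Client model taken from the post: a redirect away from an HTTPS page
    to a different host is refused and the original page is shown again."""
    src, dst = urlsplit(src_url), urlsplit(dst_url)
    return src.scheme == "https" and src.hostname != dst.hostname


def login_flow(entry_url, canonicalize_at_entry, max_attempts=3):
    """Return (outcome, login_page); outcome is 'logged-in' or 'loop'."""
    login_page = login_page_for(entry_url, canonicalize_at_entry)
    for _ in range(max_attempts):
        if not client_rejects(login_page, POST_LOGIN_URL):
            return "logged-in", login_page
        # Refused: the visitor is back on the blank login form and retries.
    return "loop", login_page


if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, login_flow("http://knitpicks.com/", canonicalize_at_entry=fixed))
```

The same check is worth running against any site that serves a login form from more than one hostname: the host should be settled before the visitor reaches the HTTPS login page, not after the credentials are submitted.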
It’s not KnitPicks’ fault that this happened, but I feel obliged to point out that their website has suffered from this problem for many years. I ran into the same problem myself in 2004. (Fortunately I knew what was going on, so I switched over to Firefox and logged in successfully.)
One can’t help but notice that they fixed the problem about a week after the giant Ravelry bitch-fest. Has no one ever complained of this problem before? Is the timing just a coincidence? Or were past complaints ignored as one-off freak issues, probably user-related?
Jess and Casey have always been active in repeating the Ravelry mantra, “Ravelry is not customer service!” Nevertheless, it seems that complaining about a problem in public on Ravelry creates more traction than direct contact alone.
