I’d like to take a moment to rant about a problem I came across at work this week.

We are building a little app that lets you browse live music streams in your web browser. Sounds simple enough, right? Well, it is, and it isn’t. The client needs to password protect these streams (it’s a subscription service) and so the actual stream URLs and all the pages associated with the application are protected behind some session based security. Normally (when I say ‘normally’ I really mean ‘on windows PCs’) when you log in to a site that uses session security, you log in once and the remote site tracks your movement through the site using a cookie or some other way of identifying you. So you log in, then lets say you have a plugin on the page which needs to play a stream. The plugin would make the request, and the server would see that the request is coming from an authenticated user (it would tie the request to your existing session) and you get the goods as expected.

Well. Apparently Microsoft (or maybe the Netscape plugin architecture is to blame?) thought that this wasn’t a good idea, and they set up their plugin so it sends a serparate request. So instead of the request for this file coming from our browser that has authenticated, the request comes from somewhere else on the user’s computer, therefore making the web server think that the request is coming from someone else, and not giving us the file as we expected.

Because of all this, people who want to enjoy this great application are forced to use Microsoft Internet Explorer (on PC only), since this is the only browser that has a plugin that will handle the requests as intended. Sigh.

p.s. Before anyone tries to point out that Firefox/Mozilla have ActiveX controls, I’d like to point out that the plugins not only have a very unprofessional looking download site (most users probably wouldn’t want to trust something coming from that page) and they also are lacking in support for the latest version of Firefox – the last three versions, in fact.