As the title suggest, I misunderstood 301 page redirect in one of my web applications which led to, that's right, a Bug!

Let's first try to understand why we need a page redirect and how should we use it. I will try my best to explain this using some scenarios below.

Scenario 1

Suppose you have a website whose url is This website has all the things for SEO (Search Engine Optimization). Now your team has developed a new and better web application which can handle more complex things than this one. This web application is live with url Business requires your user to be redirected to the new website whenever someone tries to open the old one.

Scenario 2

Upon login into your new web application, user should be redirected to his/her home page based upon the roles/permission he/she has.

Both the scenarios above require page redirects. There are lot of ways to achieve this i.e. adding redirect code in .htaccess file, in Javascript file or at proxy level( nginx or Appache etc), but what all redirect codes are available and which one should you be using?

HTTP codes for redirection are 30X (where X is from 0 to 7). For the sake of simplicity I will take only 2 status code into account, i.e. 301 and 302.

As per w3.org1 this is what they mean -

301 - The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs


302 - The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests.

So which redirect code should you use? It's pretty much clear that for scenario 1 it will be a 301 and 302 for the other one, but what if you used 301 for Scenario 2?

Let's try to understand what can happen if you used 301 for Scenario 2 as it happened with us -

User A has an Order role and whenever he/she logins they are taken to /order page , i.e. --> after login --> redirects to

Requirement changed a little bit, now the user has to accept an agreement and only after acceptance he/she needs to be redirected to /order, i.e. --> after login --> A page to accept agreement --> Accepts agreement -->redirects to

So we implemented this feature and asked the user to login. Ideally the above flow should happen, but it didn't, and the user went to /order page without accepting the agreement after login. The agreement page never showed up. However when using an incognito tab2 we saw this agreement page coming. Since incognito tab in chrome uses fresh cache store, it was clear that the issue was related to caching.

The culprit that was helping in caching this was the status code we were using for /order. It was a 301 redirect.

301 status code tells the client that the url has been permanently moved to a new location. So when the users were logging into the web application the response got cached to /order. Sending an new HTML response or a new url redirection was giving us 301 Moved Permanently (from browser cache) and the user was going to /order page.

We had no control over this and the users had to manually clear the cache in order to accept agreement. This led to many emails from customer support team to us.

Not using correct status codes can cause bad user experience which can lead to business loss too. Make sure that you use codes for what they have been built for.

If you want to add more comments to the article or you see any thing incorrect please write a comment below and we will surely get back to you.

Trending Articles

Incorrect table definition there can be only one TIMESTAMP column with CURRENT_TIMESTAMP in DEFAULT or ON UPDATE clause

Infix To Postfix Conversion Using Stack in Javascript

How to solve IE/Edge CORS error ?

Web Server vs Application Server Difference Explained

How to setup angular2 in visual studio ide

Binary Search Tree Insert node Implementation in Javascript

How to use ninject dependency injection in mvc

How to Add Comparison Feature in Replace in C-Sharp