AOL issues: what you need to know to fix AOL issues on your web site
26 September 2006After the release of our latest CactuShop v6 shopping cart, we received a few reports of AOL users being unable to use the cart properly. It seemed that despite testing in all major browsers, and ensuring XHTML compliance, for some reason AOL users just couldn't get items to stay in the basket.
It seemed that AOLers *could* use the shopping cart fine if they started up another browser like IE or Firefox; they only got the problems with the AOL browser. So we started by downloading this from AOL's web site... and were quite impressed. It's based on IE (the main drawback), but has a much nicer looking interface. It also has tabbed browsing including the slickest implementation we've seen of tab thumbnails that give you a popup thumbnail of what each tab contains when you hover over it. Very nifty.
But try as we might, we could not generate the problems users had reported. So it did not seem to be the AOL browser itself that was responsible.
Some googling later and we began to focus on caching. AOL has a penchant for bandwidth saving techniques, including their annoying image compression that rendered many sites unrecognizable. If a user viewed a page, and added an item to the basket, then they would get a cached version of the page next time which would be a copy of the page *before* they added the item. So the basket appears blank even though it isn't, because the user is seeing an old snapshot served from the AOL cache. There is some ASP code to write headers that should prevent the page from being cached or otherwise stored on any proxies or in the browser's own cache:
Response.addHeader "Cache-Control", "no-cache"
Response.addHeader "Cache-Control", "private"
Response.addHeader "Cache-Control", "max-age=0"
...and even the atomic weapon of anti-caching:
Response.addHeader "Cache-Control", "no-store"
...but despite confirming that caching had been eliminated (by using a response.write to show the exact time on the page), the problem was not fixed.
Finally, we found the issue. AOL's browser installed with AOL 9 (and potentially other full AOL installs too) routed all page requests via AOL's proxy servers rather than connecting the users direct to a web site. There was no way to turn this off. The problem with AOL's proxy system is that it appeared to be load balanced so that a user would hit a different proxy each time. The result was that the AOL user's IP address that is visible to the shopping cart appears to change on each page they hit.
Because our new session system used IP to add some extra security to the session, it could not link the session with the user when they hit subsequent pages, so they lost basket info and any other values stored in the session.
In summary, if you're finding AOL users experiencing issues with your application, the problem is almost certainly related to AOL's proxy. Check that you have anti-caching headers being written with each page and ensure that you are not using IP for session security.