I hear what you are saying about single-user environment.
There is another request coming into the filter, somehow. The multiple calls to NOTIFY_URL_MAP indicate that. It's curious that one of them is mappnig to /index.htm. Do you have a doc called index.htm? If so, what is in that
Can you try this test for me? Suppose you change the rule for rewritetest.html and rewrite it to Cheeso.htm. And then you create a document called Cheeso.htm that just returns a "Hello" or something like that.
Run the request again. Do you see 2 calls to NOTIFY_URL_MAP in that case?
The fact that you get 2 different pointers in those calls to NOTIFY_URL_MAP leads me to conclude that there are 2 distinct HTTP sessions opened with the server. It's odd because there is only a single AUTH_COMPLETE. IIRF does
the rewrite during the AUTH_COMPLETE event. Look in the log you will see a NOTIFY_AUTH_COMPLETE, followed by DoRewrites. This happens once per request. You have two of them, one for rewritetest.html ,and another for topdoc.gif.
(Where is that coming from anyway?)
The NOTIFY_URL_MAP can happen multiple times per request, but there is logic within IIRF to check for this and only store the pathname once, as necessary. If that logic path were followed you would not see the two messages stating "Storing physical
It sure seems like the filter is getting a NOTIFY_URL_MAP with no preceding NOTIFY_AUTH_COMPLETE. What I mean is, there are two sessions open with the IIS Server, and IIRF is getting notified on both of them. The first session is the request
for rewritetest.html, and gets authorized. The second session is.. I don't know what... it does not get an AUTH_COMPLETE event.
Actually it is a bit more complicated - you are getting 2 NOTIFY_URL_MAP events for the NOTIFY_AUTH_COMPLETE event - the request for rewritetest.html. And you are also getting two additional NOTIFY_URL_MAP events with no preceding NOTIFY_AUTH_COMPLETE.
That is the secret second session.
It is not going through the AUTH_COMPLETE - is there some different server or website or application that has Authorization turned off?
Is this a HTTP POST or is ait an HTTP GET ?