remmuh

Problem with URL redirection when logging in

I am in the process of creating an authorization system for the site http://www.calvarycch.org/. I have created a table in the database that contains roles for users that are created. Some of the roles need to have URLs to redirect to. However, not all roles have these URLs.

The problem I am having is when I log in with a browser that has not been to the page before (or if the cookies relating to ColdFusion are deleted), then the page does not redirect; it simply goes back to the page they logged in from. Going back to the referring page is part of the script, but only if a URL is defined. The thing is, if they log out and log back in, the redirect URL from the db does work. The code for the page can be found at http://www.digitaleyeon.com/miscFiles/loginError.txt.

Thanks in advance!
PeterJ962

I think the problem you are encountering is due to a problem that CF has had forever (or at least when I started with it when version 2.0 was released). You cannot set session variables or cookies on a page then do a CFLOCATION on the same page. The workaround to this is to create a CF_LOCATION tag. Place the below code in LOCATION.CFM and place in your Custom Tags directory under the CF install directory. The usage is exactly the same as the CFLOCATION tag, just that you need to call it as CF_LOCATION. Because of the way that it sets the headers directly to activate the redirect, it allows for cookies and such to be set. Hope it helps!

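<!--- --------- BEGIN LOCATION.CFM CODE ------------- --->
<!--- Required: the URL to redirect to --->
<CFPARAM NAME="Attributes.URL" TYPE="string">
<!--- Optional: append CFID/CFTOKEN to the URL, as ADDTOKEN does on CFLOCATION --->
<CFPARAM NAME="Attributes.ADDTOKEN" TYPE="boolean" DEFAULT="No">
<CFIF Attributes.ADDTOKEN>
      <!--- The tokens only exist when client management is enabled --->
      <CFTRY>
            <CFPARAM NAME="Client.CFID">
            <CFPARAM NAME="Client.CFTOKEN">
            <CFCATCH TYPE="Any">
                  <CFABORT SHOWERROR="You must have <b>CLIENTMANAGEMENT=""Yes""</b> in your CFAPPLICATION tag (usually in Application.cfm) if you choose to specify <b>ADDTOKEN=""Yes""</b> in your CF_LOCATION tag.">
            </CFCATCH>
      </CFTRY>
      <!--- Use "&" if the URL already has a query string, otherwise start one with "?" --->
      <CFIF Find("?", Attributes.URL)>
            <CFSET theRest = "&">
      <CFELSE>
            <CFSET theRest = "?">
      </CFIF>
      <CFSET theRest = theRest & "CFID=#Client.CFID#&CFTOKEN=#Client.CFTOKEN#">
<CFELSE>
      <CFSET theRest = "">
</CFIF>
<CFSET theURL = Attributes.URL & theRest>
<!--- Send the redirect as raw headers so cookies set earlier on the page go out with it --->
<CFHEADER STATUSCODE="302" STATUSTEXT="Object Temporarily Moved">
<CFHEADER NAME="location" VALUE="#theURL#">
<!--- Stop processing here, as CFLOCATION does, so the rest of the calling page does not run --->
<CFABORT>
<!--- --------- END LOCATION.CFM CODE ------------- --->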
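
A hardened variant of the redirect tag above, as an added example that is not part of PeterJ962's post: before sending the Location header it checks the target, since the targets in this thread come from a database row and from the referring page. The tag name SAFE_LOCATION and the ALLOWEDHOSTS and FALLBACK attributes are assumptions made for this example; the host list is taken from the site named in the question.

```cfml
<!--- Added example: hypothetical SAFE_LOCATION.CFM (assumed name), called as CF_SAFE_LOCATION --->
<cfparam name="Attributes.URL" type="string">
<!--- Assumption: the only hosts this site may redirect to --->
<cfparam name="Attributes.ALLOWEDHOSTS" type="string" default="www.calvarycch.org,calvarycch.org">
<!--- Assumption: where to go when the requested target is rejected --->
<cfparam name="Attributes.FALLBACK" type="string" default="/">

<cfset target = Trim(Attributes.URL)>
<cfset isSafe = false>
<!--- scheme://host[:port] followed by a path, query, fragment or nothing.
      A "user:pass@" prefix fails to match, so the host cannot be disguised. --->
<cfset hostRe = "^https?://([a-z0-9.-]+)(:[0-9]+)?([/?##].*)?$">

<!--- Control characters (CR/LF in particular) would split the response header --->
<cfif NOT REFind("[[:cntrl:]]", target)>
    <cfif REFind("^/([^/\\]|$)", target)>
        <!--- Site-relative path: one leading "/", but not "//host" or "/\host" --->
        <cfset isSafe = true>
    <cfelseif REFindNoCase(hostRe, target)>
        <!--- Absolute URL: the host must be on the allow list --->
        <cfset host = REReplaceNoCase(target, hostRe, "\1")>
        <cfif ListFindNoCase(Attributes.ALLOWEDHOSTS, host)>
            <cfset isSafe = true>
        </cfif>
    </cfif>
</cfif>

<!--- Anything else (other schemes, unknown hosts, empty values) goes to the fallback --->
<cfif NOT isSafe>
    <cfset target = Attributes.FALLBACK>
</cfif>

<!--- Same raw-header redirect as CF_LOCATION, so cookies set earlier are still sent --->
<cfheader statuscode="302" statustext="Found">
<cfheader name="Location" value="#target#">
<cfabort>
```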

remmuh

ASKER

I sent the file to my host, so I will let you know if it works!
remmuh

ASKER

Ok, I added the file to my custom tags directory. And it still doesn't seem to work. If you decide to try it, be sure you don't have any cookies for calvarycch.org or www.calvarycch.org depending on how you access the page.

Did you change your CFLOCATION tags to CF_LOCATION?  To try it, do I need to login?  If so, do you have a username and password I can test with?
remmuh

ASKER

I did change the tags to cf_location. You may login with user: homerun and pass: homerun
Thank you.

I have had similar problems to what you are describing when I have used the <cflogin> tag.  There are some issues that I was never able to overcome with that tag - so I moved to using my own login management by maintaining a "session.isloggedin" variable.

A little more detail here: https://www.experts-exchange.com/questions/21283660/Login-problem-after-changing-password-in-sql-database-user-can-still-logon-with-old-password-and-new-one.html

Let me know if you want me to describe more fully.

Ben

Hmmmm... I see what you're talking about.  Very odd indeed!  First time I logged in, I was brought right back to the home page and the only change was that it gave me the welcome message where the login box was.  And like you said, after logging out and logging back in the redirect worked.

If you have this site on a test server where we can change a few things just to see what the results are, I'd say on the processing page (that you supplied the code for), comment out all of the CF_LOCATION tags for now, and put in some text that will display to show where the script ends up.  For example, change the bottom CFIF section to be something like:

<cfif isDefined('getRole.url')>
     <!--- <cf_location url="#getRole.url#"> --->
     Get role is defined.
<cfelse>
     <!--- <cf_location url="#session.loginRefer#"> --->
     Get role is NOT defined.
</cfif>

Another thing, try and turn on debugging for your IP.  I have a feeling that maybe your getRole query is not returning any records the first time around.  Also, the CFLOGINUSER tag is supposed to be within a CFLOGIN tag, not sure if this would cause any issues, but you never know...  Feel free to have the page display values of other variables just to see the status of them at different points.

Let me know what happens!

Peter
remmuh

ASKER

Ok, I made those changes. Btw, CFLOGINUSER was in CFLOGIN. Anyway, weird stuff is happening. It seems to be bypassing the CFLOGIN tagged area altogether if the cookies are not defined. However, in IE on the PC, this does not seem to make a difference, in every other browser, same problem.

I updated the code and you can see these updates here:
http://www.digitaleyeon.com/miscFiles/loginError.txt

Thank you so much for helping.
remmuh

ASKER

Alright, I think I figured out what my problem was, kind of. I wanted to use the cflogin variable scope so that is why I defined my login form as j_username and j_password. But I think, using that scope was what was messing me up, because now, I am using the form name login_user and login_pass and everything seems to work fine. Check it out at www.calvarycch.org, login with homerun and homerun.

Thanks for your help anyway. I think this will suffice. Although, I will be interested to know if anybody does come up with a solution for the cflogin scope. Anyway, thanks!

Looks great!!!  I just noticed that my really long post that I submitted last night right before I left work never went through because my session must have timed out.  I basically said in the post that maybe you should go with Ben's suggestion above.  But now it seems that you got the CFLOGIN to work after all!  Congrats!  If you do come across more CFLOGIN issues in the future you may think about just using your own session variables to contain all of the needed authentication info.  You can even make it into a custom tag that you can use for various situations.  I'm currently contracting at a law enforcement agency, and since security is a big thing, I created a custom tag that I can pass different attributes to, to make it authenticate against different databases and different tables, or for low security applications it just authenticates against LDAP and allows any agency personnel access to the app.

Anyway, Good work at figuring it out!