remmuh
asked on
Problem with URL redirection when logging in
I am in the process of creating an authorization system for the site http://www.calvarycch.org/. I have created a table in the database that contains roles for users that are created. Some of the roles need to have URLs to redirect to. However, not all roles have these URLs.
The problem I am having is when I login with a browser that has not been to the page before (or if the cookies are deleted relating to ColdFusion) then the page does not redirect, it simply goes back to the page they logged from. Going back to the refer page is part of the script but only if a URL is defined. The thing is, if they logout and log back in the redirect URL from the db does work. The code for the page can be found at http://www.digitaleyeon.com/miscFiles/loginError.txt .
Thanks in advance!
The problem I am having is when I login with a browser that has not been to the page before (or if the cookies are deleted relating to ColdFusion) then the page does not redirect, it simply goes back to the page they logged from. Going back to the refer page is part of the script but only if a URL is defined. The thing is, if they logout and log back in the redirect URL from the db does work. The code for the page can be found at http://www.digitaleyeon.com/miscFiles/loginError.txt .
Thanks in advance!
ASKER
I sent the file to my host, so I will let you know if it works!
ASKER
Ok, I added the file to my custom tags directory. And it still doesn't seem to work. If you decide to try it, be sure you don't have any cookies for calvarycch.org or www.calvarycch.org depending on how you access the page.
Did you change your CFLOCATION tags to CF_LOCATION? To try it, do I need to login? If so, do you have a username and password I can test with?
ASKER
I did change the tags to cf_location. You may login with user: homerun and pass: homerun
Thank you.
Thank you.
I have had similar problems to what you are describing when I have used the <cflogin> tag. There are some issues that I was never able to overcome with that tag - so I moved to using my own login management by maintaining a "session.isloggedin" variable.
A little more details here: https://www.experts-exchange.com/questions/21283660/Login-problem-after-changing-password-in-sql-database-user-can-still-logon-with-old-password-and-new-one.html
Let me know if you want me to describle more fully.
Ben
A little more details here: https://www.experts-exchange.com/questions/21283660/Login-problem-after-changing-password-in-sql-database-user-can-still-logon-with-old-password-and-new-one.html
Let me know if you want me to describle more fully.
Ben
Hmmmm... I see what you're talking about. Very odd indeed! First time I logged in, I was brought right back to the home page and the only change was that it gave me the welcome message where the login box was. And like you said, after logging out and logging back in the redirect worked.
If you have this site on a test server where we can change a few things just to see what the results are, I'd say the processing page (that you supplied the code for) comment out all of the CF_LOCATION tags for now, and put in some text that will display to show where the script ends up. Such as change the bottom CFIF section to be something like:
<cfif isDefined('getRole.url')>
<!--- <cf_location url="#getRole.url#"> --->
Get role is defined.
<cfelse>
<!--- <cf_location url="#session.loginRefer#" > --->
Get role is NOT defined.
</cfif>
Another thing, try and turn on debugging for your IP. I have a feeling that maybe your getRole query is not returning any records the first time around. Also, the CFLOGINUSER tag is supposed to be within a CFLOGIN tag, not sure if this would cause any issues, but you never know... Feel free to have the page display values of other variables just to see the status of them at different points.
Let me know what happens!
Peter
If you have this site on a test server where we can change a few things just to see what the results are, I'd say the processing page (that you supplied the code for) comment out all of the CF_LOCATION tags for now, and put in some text that will display to show where the script ends up. Such as change the bottom CFIF section to be something like:
<cfif isDefined('getRole.url')>
<!--- <cf_location url="#getRole.url#"> --->
Get role is defined.
<cfelse>
<!--- <cf_location url="#session.loginRefer#"
Get role is NOT defined.
</cfif>
Another thing, try and turn on debugging for your IP. I have a feeling that maybe your getRole query is not returning any records the first time around. Also, the CFLOGINUSER tag is supposed to be within a CFLOGIN tag, not sure if this would cause any issues, but you never know... Feel free to have the page display values of other variables just to see the status of them at different points.
Let me know what happens!
Peter
ASKER
Ok, I made those changes. Btw, CFLOGINUSER was in CFLOGIN. Anyway, weird stuff is happening. It seems to be bypassing the CFLOGIN tagged area altogether if the cookies are not defined. However, in IE on the PC, this does not seem to make a difference, in every other browser, same problem.
I updated the code and you can see these updates here:
http://www.digitaleyeon.com/miscFiles/loginError.txt
Thank you so much for helping.
I updated the code and you can see these updates here:
http://www.digitaleyeon.com/miscFiles/loginError.txt
Thank you so much for helping.
ASKER
Alright, I think I figured out what my problem was, kind of. I wanted to use the cflogin variable scope so that is why I defined my login form as j_username and j_password. But I think, using that scope was what was messing me up, because now, I am using the form name login_user and login_pass and everything seems to work fine. Check it out at www.calvarycch.org, login with homerun and homerun.
Thanks for your help anyway. I think this will suffice. Although, I will be interested to know if anybody does come up with a solution for the cflogin scope. Anyway, thanks!
Thanks for your help anyway. I think this will suffice. Although, I will be interested to know if anybody does come up with a solution for the cflogin scope. Anyway, thanks!
Looks great!!! I just noticed that my really long post that I submitted last night right before I left work never went through because my session must have timed out. I bascially said in the post that maybe you should go with Ben's suggestion above. But now it seems that you got the CFLOGIN to work after all! Congrats! If you do come across more CFLOGIN issues in the future you may think about just using your own session variables to contain all of the needed authentication info. You can even make it into a custom tag that you can use for various situations. I'm currently contracting at a law enforcement agency, and since security is a big thing, I created a custom tag that I can pass different attributes to it to make it authenticate against different databases and different tables, or for low security applications it just authenticates against LDAP and allows any agency personnell access to the app.
Anyway, Good work at figuring it out!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
<!--- --------- BEGIN LOCATION.CFM CODE ------------- --->
<CFPARAM NAME="Attributes.URL" TYPE="string">
<CFPARAM NAME="Attributes.ADDTOKEN"
<CFIF Attributes.ADDTOKEN>
<CFTRY>
<CFPARAM NAME="Client.CFID">
<CFPARAM NAME="Client.CFTOKEN">
<CFCATCH TYPE="Any">
<CFABORT SHOWERROR="You must have <b>CLIENTMANAGEMENT=""Yes"
</CFCATCH>
</CFTRY>
<CFIF Find("?", Attributes.URL)>
<CFSET theRest = "&">
<CFELSE>
<CFSET theRest = "?">
</CFIF>
<CFSET theRest = theRest & "CFID=#Client.CFID#&CFTOKE
<CFELSE>
<CFSET theRest = "">
</CFIF>
<CFSET theURL = Attributes.URL & theRest>
<CFHEADER STATUSCODE="302" STATUSTEXT="Object Temporarily Moved">
<CFHEADER NAME="location" VALUE="#theURL#">
<!--- --------- END LOCATION.CFM CODE ------------- --->