[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Problem with URL redirection when logging in

Posted on 2005-04-05
13
Medium Priority
?
241 Views
Last Modified: 2013-12-24
I am in the process of creating an authorization system for the site http://www.calvarycch.org/. I have created a table in the database that contains roles for users that are created. Some of the roles need to have URLs to redirect to. However, not all roles have these URLs.

The problem I am having is when I login with a browser that has not been to the page before (or if the cookies are deleted relating to ColdFusion) then the page does not redirect, it simply goes back to the page they logged from. Going back to the refer page is part of the script but only if a URL is defined. The thing is, if they logout and log back in the redirect URL from the db does work. The code for the page can be found at http://www.digitaleyeon.com/miscFiles/loginError.txt .

Thanks in advance!
0
Comment
Question by:remmuh
11 Comments
 
LVL 1

Expert Comment

by:PeterJ962
ID: 13721164
I think the problem you are encountering is due to a problem that CF has had forever (or at least when I started with it when version 2.0 was released).  You cannot set session variables or cookies on a page then do a CFLOCATION on the same page.  The work around to this is to create a CF_LOCATION tag.  Place the below code in LOCATION.CFM and place in your Custom Tags directory under the CF install directory.  The usage is exactly the same as the CFLOCATION tag, just that you need to call it as CF_LOCATION.  Because of the way that it sets the headers directly to activate the redirect it allows for cookies and such to be set.  Hope it helps!

<!--- --------- BEGIN LOCATION.CFM CODE ------------- --->
<CFPARAM NAME="Attributes.URL" TYPE="string">
<CFPARAM NAME="Attributes.ADDTOKEN" TYPE="boolean" DEFAULT="No">
<CFIF Attributes.ADDTOKEN>
      <CFTRY>
            <CFPARAM NAME="Client.CFID">
            <CFPARAM NAME="Client.CFTOKEN">
            <CFCATCH TYPE="Any">
                  <CFABORT SHOWERROR="You must have <b>CLIENTMANAGEMENT=""Yes""</b> in your CFAPPLICATION tag (usually in Application.cfm) if you choose to specify <b>ADDTOKEN=""Yes""</b> in your CF_LOCATION tag.">
            </CFCATCH>
      </CFTRY>
      <CFIF Find("?", Attributes.URL)>
            <CFSET theRest = "&">
      <CFELSE>
            <CFSET theRest = "?">
      </CFIF>
<CFSET theRest = theRest & "CFID=#Client.CFID#&CFTOKEN=#Client.CFTOKEN#">
<CFELSE>
      <CFSET theRest = "">
</CFIF>
<CFSET theURL = Attributes.URL & theRest>
<CFHEADER STATUSCODE="302" STATUSTEXT="Object Temporarily Moved">
<CFHEADER NAME="location" VALUE="#theURL#">
<!--- --------- END LOCATION.CFM CODE ------------- --->

0
 
LVL 2

Author Comment

by:remmuh
ID: 13721197
I sent the file to my host, so I will let you know if it works!
0
 
LVL 2

Author Comment

by:remmuh
ID: 13721850
Ok, I added the file to my custom tags directory. And it still doesn't seem to work. If you decide to try it, be sure you don't have any cookies for calvarycch.org or www.calvarycch.org depending on how you access the page.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 1

Expert Comment

by:PeterJ962
ID: 13722370
Did you change your CFLOCATION tags to CF_LOCATION?  To try it, do I need to login?  If so, do you have a username and password I can test with?
0
 
LVL 2

Author Comment

by:remmuh
ID: 13723509
I did change the tags to cf_location. You may login with user: homerun and pass: homerun
Thank you.
0
 
LVL 7

Expert Comment

by:bwasyliuk
ID: 13727724
I have had similar problems to what you are describing when I have used the <cflogin> tag.  There are some issues that I was never able to overcome with that tag - so I moved to using my own login management by maintaining a "session.isloggedin" variable.

A little more details here: http://www.experts-exchange.com/Web/WebDevSoftware/ColdFusion/Q_21283660.html

Let me know if you want me to describle more fully.

Ben
0
 
LVL 1

Expert Comment

by:PeterJ962
ID: 13728989
Hmmmm... I see what you're talking about.  Very odd indeed!  First time I logged in, I was brought right back to the home page and the only change was that it gave me the welcome message where the login box was.  And like you said, after logging out and logging back in the redirect worked.

If you have this site on a test server where we can change a few things just to see what the results are, I'd say the processing page (that you supplied the code for) comment out all of the CF_LOCATION tags for now, and put in some text that will display to show where the script ends up.  Such as change the bottom CFIF section to be something like:

<cfif isDefined('getRole.url')>
     <!--- <cf_location url="#getRole.url#"> --->
     Get role is defined.
<cfelse>
     <!--- <cf_location url="#session.loginRefer#"> --->
     Get role is NOT defined.
</cfif>

Another thing, try and turn on debugging for your IP.  I have a feeling that maybe your getRole query is not returning any records the first time around.  Also, the CFLOGINUSER tag is supposed to be within a CFLOGIN tag, not sure if this would cause any issues, but you never know...  Feel free to have the page display values of other variables just to see the status of them at different points.

Let me know what happens!

Peter
0
 
LVL 2

Author Comment

by:remmuh
ID: 13730756
Ok, I made those changes. Btw, CFLOGINUSER was in CFLOGIN. Anyway, weird stuff is happening. It seems to be bypassing the CFLOGIN tagged area altogether if the cookies are not defined. However, in IE on the PC, this does not seem to make a difference, in every other browser, same problem.

I updated the code and you can see these updates here:
http://www.digitaleyeon.com/miscFiles/loginError.txt

Thank you so much for helping.
0
 
LVL 2

Author Comment

by:remmuh
ID: 13731663
Alright, I think I figured out what my problem was, kind of. I wanted to use the cflogin variable scope so that is why I defined my login form as j_username and j_password. But I think, using that scope was what was messing me up, because now, I am using the form name login_user and login_pass and everything seems to work fine. Check it out at www.calvarycch.org, login with homerun and homerun.

Thanks for your help anyway. I think this will suffice. Although, I will be interested to know if anybody does come up with a solution for the cflogin scope. Anyway, thanks!
0
 
LVL 1

Expert Comment

by:PeterJ962
ID: 13738145

Looks great!!!  I just noticed that my really long post that I submitted last night right before I left work never went through because my session must have timed out.  I bascially said in the post that maybe you should go with Ben's suggestion above.  But now it seems that you got the CFLOGIN to work after all!  Congrats!  If you do come across more CFLOGIN issues in the future you may think about just using your own session variables to contain all of the needed authentication info.  You can even make it into a custom tag that you can use for various situations.  I'm currently contracting at a law enforcement agency, and since security is a big thing, I created a custom tag that I can pass different attributes to it to make it authenticate against different databases and different tables, or for low security applications it just authenticates against LDAP and allows any agency personnell access to the app.

Anyway, Good work at figuring it out!
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 14100904
PAQed with points refunded (125)

modulo
Community Support Moderator
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A web service (http://en.wikipedia.org/wiki/Web_service) is a software related technology that facilitates machine-to-machine interaction over a network. This article helps beginners in creating and consuming a web service using the ColdFusion Ma…
Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
Integration Management Part 2
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question