Can Security Redirect to URL

Hi there,

I’m using a security module, which uses the DB to store all the rules. This module is used by more than one application, all within the same family. I have an application which manages the login (amongst other things), and a couple of others which do different things.
I need to be able to redirect someone from one application to another, e.g. a user might have permission to login and use Amazing App 1, but not Amazing App 2.
There are rules allowing access to

Everything works fine if the user has access to everything, or nothing, but if i want a rule which says ‘If the user doesn’t have permission to use Amazing App 2 (or even, redirect them to’. Currently the best i can do is redirect to an event e.g. ‘security.login’.

Am i missing something, or am i thinking about this all wrong?

It’s similar to having an Admin module, and wanting to redirect back to the root, right? Except that i want to send them to a parent or sibling (and it’s not another module).

Many Thanks for any ideas!


Sorry, currently Coldbox 3.5, but will update very soon!

Can i get a bump on this?

Any ideas?

are these modules on the same application or separate applications on the same domain?

Hi Phill,

The modules are physically located within one application (a Library), but referenced by a number of applications within the ‘Family’.

So, ummm… Both! :slight_smile:


Do you mean you just need a redirect URL to where they came from?

Luis Majano
Ortus Solutions, Corp

ColdBox Platform:
Linked In:
Social: | |

Hi Luis,

No, nothing todo with SecuredURL (I don’t think). Let’s just say, when someone tries to access something they’re not allowed to in a subfolder I want to send them to… a HTML page in the root. Can that be done?

Many Thanks,


Hi Alex,

Wouldn’t a simple http redirect to work in this case?


In your solution, is /login a route? or an application?

I have a security module, with a security handler, and a login event (/security/security/login), which is used by /admin AND /inbox. So my full path for login is OR

Now, what do i do if someone is allowed access to admin, but not inbox. They go straight to the /inbox/security/security/login URL, i need to redirect them to where they’re allowed to be which could even be /public.

Does that make sense?



I reread your post, i’m using Coldbox’s security rules (in this example, defined in a database), which has redirect value, to automatically sort all this out, however, it only (as far as i can tell) allows me to redirect to an event, within the current application. I’m just trying to figure out if i’m doing something wrong, or if that’s just how it works.

If it doesn’t allow me to redirect the way i need to, i’ll probably just create an event which handles it by hand, redirecting straight to the required location. I just don’t want to … Re-Invent The Wheel (ugh!).

Many Thanks,



The redirecturl portion can be an even or URL pattern. Have you tried it

Luis Majano
Ortus Solutions, Corp
Toll Free/Fax: 1-888-557-8057
Direct: 909-248-3408
Twitter: @lmajano, @ortussolutions

I tried absolute & relative URL patterns.

I didn’t try a complete URL, starting with http://, hold on, i’ll give that a go!



Nope, i get the full url i entered as the redirect value showing up after /index.cfm/ (/index.cfm/http://local…)

I’m i doing it right?