[ColdBox 3.6.0] Remove index.cfm from _securedUrl

Hi, I have an application with ses url working perfectly.

The only problem is when I try a redirect after a login: the redirect url always have index.cfm/ in url. How can i make also securedUrl ses enabled?

Check your routes.cfm. Is the base URL being set with index.cfm in it there? That’s what is used for the redirect unless you are manually setting a different baseSESURL somewhere else in the application. (like a preProcess interceptor for instance)

Thanks!

~Brad

ColdBox Platform Evangelist
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

This is my routes.cfm:

// Allow unique URL or combination of URLs, we recommend both enabled setUniqueURLS(false); // Auto reload configuration, true in dev makes sense to reload the routes on every request //setAutoReload(false); // Sets automatic route extension detection and places the extension in the rc.format variable // setExtensionDetection(true); // The valid extensions this interceptor will detect // setValidExtensions('xml,json,jsont,rss,html,htm'); // If enabled, the interceptor will throw a 406 exception that an invalid format was detected or just ignore it // setThrowOnInvalidExtension(true);

// Base URL
if( len(getSetting(‘AppMapping’) ) lte 1){
setBaseURL(“http://#cgi.HTTP_HOST#/”);
}
else{
setBaseURL(“http://#cgi.HTTP_HOST#/#getSetting(‘AppMapping’)#/”);
}

// Your Application Routes
addRoute(pattern="/:handler/:action?");

Can you show us the code that redirects?

Thanks!

~Brad

ColdBox Platform Evangelist
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

I’m using solitary module from https://github.com/cfaddict/solitary created by Dan Vega.

In my module folder I have an interceptor that makes redirection:

component displayname=“redirect” hint=“redirect a user after login”
{

function configure(){}

function preProcess(event,rc,prc){

var rc = Event.getCollection();
var oSession = getPlugin(“SessionStorage”);
oSession.setVar(“redirect”,event.getValue(’_securedURL’,’’));

}
}

This module has this routes:

// SES Routes
routes = [
{pattern="/", handler=“security”,action=“index”},
{pattern="/docs", handler=“docs”,action=“index”},
{pattern="/login", handler=“security”,action=“login”},
{pattern="/doLogin", handler=“security”,action=“doLogin”},
{pattern="/logout", handler=“security”,action=“logout”},
{pattern="/forgotPassword", handler=“security”,action=“forgotPassword”},
{pattern="/resetPassword/:eph", handler=“security”,action=“resetPassword”},
{pattern="/changePassword", handler=“security”,action=“changePassword”},
{pattern="/doChangePassword", handler=“security”,action=“doChangePassword”},
{pattern="/accessDenied", handler=“security”,action=“accessDenied”},
{pattern="/users/list", handler=“users”,action=“list”},
{pattern="/users/list/role/:id", handler=“users”,action=“list”},
{pattern="/users/edit/:id?", handler=“users”,action=“edit”},
{pattern="/users/save", handler=“users”,action=“save”},
{pattern="/users/remove/:id", handler=“users”,action=“remove”},
{pattern="/users/usernameExists/:username", handler=“users”,action=“usernameExists”},
{pattern="/roles/list", handler=“roles”,action=“list”},
{pattern="/roles/edit/:id?", handler=“roles”,action=“edit”},
{pattern="/roles/save", handler=“roles”,action=“save”},
{pattern="/roles/remove/:id", handler=“roles”,action=“remove”},
{pattern="/sessiontracking/current", handler=“sessiontracking”,action=“current”},
{pattern="/sessiontracking/active", handler=“sessiontracking”,action=“active”}
];

And this is my Security handler:

public void function doLogin(event){
var rc = event.getCollection();
var oSession = getPlugin(“SessionStorage”);

event.paramValue(“username”,"");
event.paramValue(“password”,"");
event.paramValue(“rememberme”,false);
cookieStorage.setVar(“username”,“admin”,999);

if( securityService.isUserVerified(rc.username,rc.password) ){
securityService.updateUserLoginTimestamp();
// if the user selected remember set a cookie
if( rc.rememberme ){
cookieStorage.setVar(“username”,rc.username,999);
}

if(len(oSession.getVar(“redirect”))){
location( oSession.getVar(“redirect”), “no” );
}else{
setNextEvent( variables.defaultEvent );
}
}
else{
getPlugin(“MessageBox”).setMessage(“error”,“Login Failed: Please try again.”);
setNextEvent(“security.login”);
}

}

I noticed that in the security.cfc interceptor in system/interceptors/Security.cfc there are this lines:

//Redirect
if( arguments.event.isSES() ){
// Save the secured URL
rc._securedURL = “#cgi.script_name##cgi.path_info#”;
}

To remove index.cfm from rcSecuredUrl should I remove #cgi.script_name#?

Is this correct?