[ColdBox 3.8.1] _securedURL and default event

Hi Guys,

Not been around for a while but I’ve just started a rather large ColdBox application so you might find me asking stupid questions for a while.

I have a couple of little annoying bits of behaviour in the application and I’m hoping someone can tell me what I’ve missed.

First I have a security interceptor which redirects after login to the _securedURL variable. When navigating to the base url (http://www.domain.com/) I get a _securedURL value of http://www.domain.com/index/cfm which causes an error because I don’t have a handler called index. I know I could add a route to point it to the default event but this would still leave index/cfm in the url. Another option would be to check for index/cfm before redirecting and remove it.

How have you dealt with this before?

My other query is I have set my defaultEvent as “”. but when using setNextEvent(defaultEvent); it always redirects to http://www.domain.com/main/index how can I force this to redirect to http://www.domain.com/ without the main/index?




I haven’t seen the first issue and we use the security interceptor quite a bit. What link are they coming from that produces that?

As far as the second, main/index is the default “default” event in Coldbox. I would just do setNextEvent(“/“);


The index is added, if you have this in the routes file. In the config folder you will see Routes.cfm, all you need to do is remove index.cfm from there.

Hi Curt,

Hope your doing well.

They are going to the base url, so http://www.domain.com/ which then redirects them to login at http://www.domain.com/login

this login event has the _securedURL in it’s request collection (http://www.domain.com/index/cfm in this case) which is used to redirect after login.

I don’t have index/cfm added to any other secured urls. I only get it when navigating to the base url

If I use setNextEvent("/"); I end up with a url like http://www.domain.com// note the double forward slashes

Andrew - I removed index.cfm from the routes.cfm file when I first setup the site it’s currently

// Base URL if( len(getSetting('AppMapping') ) lte 1){ setBaseURL("http://#cgi.HTTP_HOST#/"); } else{ setBaseURL("http://#cgi.HTTP_HOST#/#getSetting('AppMapping')#/"); }

So I don’t think it’s that.




Yeah I was guessing I had this issue years ago, just out of curiosity what version of ColdBox are you using. Is there any chance you can upgrade to the latest and try it again?

I know ContentBox suffered from this exact problem when it was first released, Luis has since fixed it but I never looked at what he actually did to fix this.

I’m running ColdBox SEEK 1 John 5:12-13 which is the latest official release as far as I’m aware. I’m running ACF10 (Update 13) and IIS7

It is strange the only place index/cfm appears is in the _securedURL variable when accessing the site via the base url.



Can you check the source of the outputted html and see if there is a baseURL it might contain it. I do recall something with the baseURL when the _securedURL was generated and I patched this ColdBox and raised an issue with Luis. I thought he may have fixed this by now.

If it is in the baseURL then you need to load up coldbox.system.interceptors.Security.cfc

Around lines 232-250 is where all this takes place, this should have no reference to index in these lines of code.

Just a long shot.

hmmm there’s no reference to index in there however I did notice this at line 229

if( arguments.event.isSES() ){
// Save the secured URL
rc._securedURL = arguments.event.buildLink( linkTo=reReplace( cgi.path_info, “^/”, “” ) );
// Save the secured URL
rc._securedURL = “#cgi.script_name#”;

cgi.script_name is /index.cfm. and if I login and go to http://www.domain.com/ cgi.path_info is also /index.cfm

Yeah, that is what I have. I went looking to see if I still have the patch, but can’t find it.

Just out of curiosity, did you re-install the connectors for CF when you updated. The cgi path stuff has caused issues in the past, but this doesnt sound like that sort of problem.

I know at one stage I used an interceptor on the preRequest or preEvent, to just remove the index.cfm from that variable if using SES, but I can’t even find that so it has me stumped.

I’m pretty sure I reinstalled the connectors, I’ve had the issue with them in the past. Though I reinstalled them again just to make sure and path_info is still /index.cfm I think for now I will use an interceptor and remove it.

Maybe Luis can shed some light.

Thanks for your help Andrew, much appreciated.



Yeah this is a mystery, I have a condition where ContentBox when it has timed out of the dashboard and you log in does something similar. Except it redirects back to the dashboard, it is like it goes from SSL to non SSL back to SSL somehow and Luis says he can’t duplicate that. Just wonder if it is related in some way, doubt it though.