getSESBaseURL and https:// issues??

Hello Everybody...

Maybe I'm missing something, but I am using the getSESBaseURL()
function in numerous places… and everything has been working… I
recently setup a and now, getSESBaseURL() is
returning insted of - even though the page was
requested via… … I have also tried a ?
fwreinit=1 with no success…

Am I missing something else? is this the desired functionality of

My desired functionality would be for getSESBaseURL() to return http://
or https:// depending on which location the page was requested

In my routes.cfm I found some code and change to the following.. but
I"m still not getting the results I'm looking for with getSESBaseURL

<cfset protocol = "http://">
  <cfif getCGIElement("HTTPS") eq "on">
    <cfset protocol = "https://">

<cfif len(getSetting("AppMapping")) lte 1>
  <cfset setBaseURL("#protocol##cgi.HTTP_HOST#/index.cfm")>
  <cfset setBaseURL("#protocol##cgi.HTTP_HOST#/#getSetting('AppMapping')

The code in your routes.cfm get’s executed only once, once the application starts up.

You basically need to check for ssl and alter the setting accordingly. The problem is that you need to alter it according to a request basis, since one person can be in ssl and another not in ssl.

I recommend you create a request context decorator and decorate the getSESBaseURL() method to include the protocol in the return.



I have a centeralized routes.cfm which handles multiple websites.. I
put the code changes I mentioned above in the wrong routes.cfm..

NOTE TO SELF.. Clean up after changes.

I have this working as i expected it to now..


That is an interesting issue... which I hadn't even though of... You
are correct in saying that someone could be on asite in ssl and others
not.... but in this particular application it will be available in SSL
However, I will need to figure out exactly what you have pointed out
for other apps..

I am already using a custom RequestContextDecorator.

so my next steps shoul be..

1. overload the getSESBaseURL() function in my
2. check if HTTPS = on
3. call super.getSESBaseURL()
4. replace http with https if HTTPS = on
5. return new SESBaseURL.

If i got that correct.. this seems straight forward..

Thanks Luis.

Yes, that’s it.

Also, make sure you override or use the ssl bits in the buildLink() method.

OK, So I've got the following in my RequestContextDecorator now,

<cffunction name="getSESBaseURL" output="false" access="public"
    <cfset var sesBaseURL = super.getSESBaseURL()>
    <cfif cgi["HTTPS"] eq "on">
        <cfset sesBaseURL = replacenoCase
    <cfreturn sesBaseURL/>

<cffunction name="buildlink" output="false" access="public"
  <cfargument name="linkto" type="string" required="false" default=""/>
  <cfset var link = super.buildLink(arguments.linkto,super.isSES(),cgi
["HTTPS"] eq "on")>
  <cfreturn link/>

My menus are now building links properly, and stuff is begining to
work on SSL.. then I find my next problem...
my SecurityRules.xml.cfm redirects to "user/login" and that is
redirecting to "" which
does not exist in this case.
I must not have everything setup to handle this.. any other ideas?

Hmm, I believe this might be an issue with the security interceptor as it does not distinguish for ssl and non-ssl calls. It just uses the setnextevent and setnextroute to redirect.

Hmm, this might need an update to the actual interceptor to deal with ssl and the like.

You will probably need to update the security interceptor to meet your needs. I would do the following. Create my own security interceptor that inherits from the coldbox core one. Then override the setNextRoute() and setNextEvent() methods to meet your needs.

I will create a ticket for this also.


Thanks for the input and effort…

I’m working out my interceptor override untill 3.0 ???

BTW, it appears that 2.6.3 be the last of the 2.x release, is that so?

  • adam