getSESBaseURL and https:// issues??

Adam2 · February 17, 2009, 6:11pm

Hello Everybody...

Maybe I'm missing something, but I am using the getSESBaseURL()
function in numerous places… and everything has been working… I
recently setup a secure.domain.com and now, getSESBaseURL() is
returning http://secure.domain.com/index.cfm insted of
https://secure.domain.com/index.cfm - even though the page was
requested via https://secure.domain.com… … I have also tried a ?
fwreinit=1 with no success…

Am I missing something else? is this the desired functionality of
getSESBaseURL()?

My desired functionality would be for getSESBaseURL() to return http://
or https:// depending on which location the page was requested
from.....

Adam2 · February 17, 2009, 6:33pm

In my routes.cfm I found some code and change to the following.. but
I"m still not getting the results I'm looking for with getSESBaseURL
()..

lmajano · February 17, 2009, 7:06pm

The code in your routes.cfm get’s executed only once, once the application starts up.

You basically need to check for ssl and alter the setting accordingly. The problem is that you need to alter it according to a request basis, since one person can be in ssl and another not in ssl.

I recommend you create a request context decorator and decorate the getSESBaseURL() method to include the protocol in the return.

Luis

Adam2 · February 17, 2009, 7:07pm

Update..

I have a centeralized routes.cfm which handles multiple websites.. I
put the code changes I mentioned above in the wrong routes.cfm..

NOTE TO SELF.. Clean up after changes.

I have this working as i expected it to now..

Adam2 · February 17, 2009, 7:14pm

Luis,

That is an interesting issue... which I hadn't even though of... You
are correct in saying that someone could be on asite in ssl and others
not.... but in this particular application it will be available in SSL
only..
However, I will need to figure out exactly what you have pointed out
for other apps..

I am already using a custom RequestContextDecorator.

so my next steps shoul be..

1. overload the getSESBaseURL() function in my
RequestContextDecorator
2. check if HTTPS = on
3. call super.getSESBaseURL()
4. replace http with https if HTTPS = on
5. return new SESBaseURL.

If i got that correct.. this seems straight forward..

Thanks Luis.

lmajano · February 17, 2009, 7:21pm

Yes, that’s it.

Also, make sure you override or use the ssl bits in the buildLink() method.

Adam2 · February 17, 2009, 8:08pm

OK, So I've got the following in my RequestContextDecorator now,

My menus are now building links properly, and stuff is begining to
work on SSL.. then I find my next problem...
my SecurityRules.xml.cfm redirects to "user/login" and that is
redirecting to "http://secure.domain.com/index.cfm/user/login" which
does not exist in this case.
I must not have everything setup to handle this.. any other ideas?

lmajano · February 17, 2009, 8:19pm

Hmm, I believe this might be an issue with the security interceptor as it does not distinguish for ssl and non-ssl calls. It just uses the setnextevent and setnextroute to redirect.

Hmm, this might need an update to the actual interceptor to deal with ssl and the like.

You will probably need to update the security interceptor to meet your needs. I would do the following. Create my own security interceptor that inherits from the coldbox core one. Then override the setNextRoute() and setNextEvent() methods to meet your needs.

I will create a ticket for this also.

Adam2 · February 17, 2009, 8:36pm

Luis,

Thanks for the input and effort…

I’m working out my interceptor override untill 3.0 ???

BTW, it appears that 2.6.3 be the last of the 2.x release, is that so?

adam

getSESBaseURL and https:// issues??

Latest Ortus News

GIVING BACK

HARVESTING IN SPANISH

WOODSEDGE