Security Interceptor and non SES _secureURL variable...

I don’t know if I have everything set up correctly, every thing SES seems to work fine except…, but the _securedURL variable returned by the Security Interceptor returns a non-SES URL…

I looked into the Security Interceptor and it uses the #cgi.script_name# which always returns the URL with the index.cfm embedded in the url…


An example:

  1. I goto /admin/account but I’m not logged in…
  2. Security interceptor redirects me to /admin/login/index (which is fine)
  3. The _securedURL variable = “index.cfm/admin/account” (the cgi.script_name always includes “index.cfm”)
  4. Thus when I redirect to the _securedURL it does not use the SES url which should be “/admin/account”

NOTE: All other aspects of the SES Interceptor works, i.e. via buildLink, etc…

my hacky workaround -

if(NOT isNull(rc._securedURL)){
var sesurl = Replace(rc._securedURL, cgi.script_name, “”);
rc._securedURL = sesurl;


placed in the login.index action - Of course this only provides the relative url, but that works for me…


Wouldn’t it be better to return a _securedEvent which has the event the user was originally going to?
At least then we could use the buildLink(), which always return the correct SES url, with our own baseURL if we absolutely could not use relative URLs.


remove the index.cfm from the routes config file.

Doesn’t work…

Someone had same problem…

Are you on railo?

Do you have apache in front of tomcat?

Missed link: Google Groups