Use <cfhttp> to Find a Valid Redirect URL After Login

Tags: ColdFusion | User Defined Functions (UDFs)


Posted on March 16, 2014 by Daria | Comments (6)


One of the basic fuctionality of a login process is to redirect the user to the original page they requested before being caught up in the login process. But what if you can't be assured that the page the user will be redirected to won't error? What if the page the user is requesting is dependent on form variables being present that will be lost by the login process? My solution is to create a UDF to perform a check after login using the <cfhttp> tag to determine if it is a safe redirect url.

The first part of the process is to record the url of the original page the user requested. The following code would go in your Application.cfc file in the onSessionStart() method to set a session variable that includes the page as well as any url variables.

<cfscript>
    session.referrer = cgi.SCRIPT_NAME & ( len(cgi.QUERY_STRING) ? "?" & cgi.QUERY_STRING : "" );
</cfscript>

In your login processing functions, call the UDF to find the current referrer url.

<cfscript>
    var userValid = true;// real user validation would happen here
    if ( local.userValid ) {
        var currReferrer = getLoginReferrer(
            defaultLocation="/intranet/menu.cfm",
            errorString="Web Page Error Occurred",
            referrerVar="referrer",
            sessionVars=session,
            excludePages="/intranet/login.cfm,/intranet/logout.cfm"
        );
        location (url=local.currReferrer, addtoken="false")
    }
</cfscript>

Finally, include the UDF in your login processing.

<cffunction name="getLoginReferrer" output="no" returntype="string"
    hint="I determine the redirect location to send a user after logging on.">
    <cfargument name="defaultLocation" required="yes" type="string" />
    <cfargument name="errorString" required="yes" type="string" />
    <cfargument name="excludePages" required="no" type="string" default="" />
    <cfargument name="excludeDelim" required="no" type="string" default="," />
    <cfargument name="referrerVar" required="no" type="string" default="referrer" />
    <cfargument name="sessionVars" required="no" type="struct" default="#session#" />

    <cfset var redirectLocation = arguments.defaultLocation />
    <cfset var currReferrer = "" />

    <cfif structKeyExists(arguments.sessionVars,arguments.referrerVar)
            and not listFind(arguments.excludePages,arguments.sessionVars[arguments.referrerVar])>
        <cfset currReferrer = arguments.sessionVars[arguments.referrerVar] />
        <cfset structDelete(arguments.sessionVars,arguments.referrerVar) />
        <cftry>
            <cflock name="referrerCheck" timeout="30" throwontimeout="yes" type="exclusive">
                <cfhttp url="#currReferrer#" resolveurl="no" throwonerror="yes">
                    <cfhttpparam type="cookie" name="CFID" value="#cookie.CFID#" />
                    <cfhttpparam type="cookie" name="CFTOKEN" value="#cookie.CFTOKEN#" />
                    <cfif structKeyExists(cookie,"JSESSIONID")>
                        <cfhttpparam type="cookie" name="JSESSIONID" value="#cookie.JSESSIONID#" />
                    </cfif>
                </cfhttp>
            </cflock>
            <cfif findNoCase(arguments.errorString,cfhttp.FileContent)>
                <!--- if there was an error, but it was caught by a site-wide error handler, send to the default location --->
                <cfset redirectLocation = arguments.defaultLocation />
            <cfelse>
                <!--- if there was no error, send the user to the referrer location --->
                <cfset redirectLocation = currReferrer />
            </cfif>
            <!--- if the cfhttp call to test the referrer page threw an error, just send the user to the default location instead --->
            <cfcatch type="any">
                <cfreturn arguments.defaultLocation />
            </cfcatch>
        </cftry>
    </cfif>

    <cfreturn redirectLocation />
</cffunction>

 


Comments


tay trang rang tai nha tay trang rang tai nha on November 15 2015 8:53 AM

Appreciation to my father who informed me about this web
site, this weblog is really amazing.

tagalog movies tagalog movies on March 11 2016 9:11 PM

Excellent beat ! I would like to apprentice while you amend your site, how can i subscribe for a weblog website?
The account aided me a applicable deal. I were a little
bit familiar of this your broadcast provided brilliant transparent idea

cay ghep rang implant cay ghep rang implant on April 5 2016 3:06 AM

Howdy very nice blog!! Man .. Beautiful .. Superb ..
I will bookmark your blog and taoe the feeds also?

I'm glad to seek out a lot of helpful info here in the post, we'd like develop more
strategies on this regard, tanks for sharing.
. . . . .

SeetRark SeetRark on May 31 2016 4:45 AM

You made some first rate factors there. I looked on the internet for the issue and found most individuals will associate with with your website. http://eurobetsonline24.ru

friv2 friv2 on September 23 2016 12:08 PM

Awesome issues here. I am very satisfied to see your post.
Thanks so much and I am taking a look ahead to touch you.
Will you please drop me a e-mail?

Ronny Ronny on February 14 2017 12:33 AM

Entretanto, como acontecia em todo poderio, nem tudo
foi abatido, mas vários edifícios ou materiais foram aproveitados para os templos cristãos.

Leave a comment

Leave this field empty