To add to this discussion, don't forget to append the Query String as well.
<cfset return_url = "#script_name#?#query_string#">
And make sure you surround any redirect with a conditional that stops a loop
if the user is looking at the login form.
<cfif fuseaction does not contain "login">
<cflocation
url="#path_to_login#/index.cfm?fuseaction=login_form&return_url=#URLEncodedF
ormat(return_url)#" addtoken="yes">
</cfif>
Since you're not using cookies or session vars, you'll have to pass the CFID
and CFTOKEN between all page requests or come up with a unique number to
pass around. Of course, this leaves your system wide open because you would
be passing those unique identifiers through form and url variables, but hey
you gotta do what you gotta do.
---mark
=========================================
Mark Warrick - Fusioneers.com
Personal Email: [EMAIL PROTECTED]
Business Email: [EMAIL PROTECTED]
Phone: 714-547-5386
Efax: 801-730-7289
Personal URL: http://www.warrick.net
Business URL: http://www.fusioneers.com
ICQ: 125160
AIM: markwarric
Yahoo: Serengeti
=========================================
-----Original Message-----
From: Ryan Farrell [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 05, 2001 7:07 AM
To: CF-Talk
Subject: RE: How to find out the page to send 'em back to
Hmmm, maybe I don't understand the full scope of what you're asking, but
seems like you could do this:
- When a user hits a secure page, redirect to the login page with a URL
variable containing the page they hit (for example, <.cflocation
url="login.cfm?referer=#cgi.script_name#">).
- Pass that URL variable to the form processing page via a hidden form
field.
- If the user is authenticated, use the hidden field to redirect back to the
page they were originally trying to hit.
- If the user is not authenticated, use the hidden field to redirect back to
the login page with the hidden field as a URL variable (starts the whole
process over).
Hope that works for you!
Ryan
-----Original Message-----
From: Mike Kear [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 05, 2001 8:47 AM
To: CF-Talk
Subject: How to find out the page to send 'em back to
I am working on a login system that has so many limitations you couldn't
imagine it. I want to have the actual login form and processing page as a
single pair of templates in a single location for the whole site. If any
page requires a user to be logged in, and they're not, they'll be sent to
this page and then sent back to the original page once satisfactorily logged
in against a table in the datasource.
Not so difficult you'd have thought.
So let me put some limitations on there and see if it's still so easy:
No client variables. Not allowed - all state management has to be in our
site's own datasources
No session variables - it's a clustered environment.
No custom tags permitted
Ok, so I could have the referring page add it's own location to the
parameters passed to the login page. Except that #cgi.path_info# doesn't
work. Gives null as a response.
So the login page could use #http_referrer# (which does work) to specify
where to sent the user back. But what happens when the login page goes
round fhe second time or third time because they've put in the wrong
password or something. It'll only have the correct #http_referrer# the
first time through the page won't it?
Cheers,
Mike Kear
Windsor, NSW, Australia
AFP WebWorks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
