Why does ColdFusion redirect to the current page instead of the target page after authentication?

Time: 2016-02-24 17:12:35

Tags: authentication coldfusion url-redirection coldfusion-9 http-referer

I have a situation where, after the user authenticates, they are returned to the current page instead of the target page.

  1. The user enters a search term and hits "Enter".
  2. The search page displays the results on a page containing links.
  3. The user clicks a link to view the details page.
  4. The details page requires authentication.
  5. It redirects the user to the authentication page. At this point, in the custom_application.cfm page, it shows HTTP_REFERER as:
    https://devbox.mysite.com/search/?search=calendar
  6. The user authenticates and is then returned to the https://devbox.mysite.com/search/?search=calendar page instead of the https://devbox.mysite.com/kb/article/calendar page, i.e. the link the user clicked and wanted to go to.
  7. I found this article by Ben Nadel discussing the problem with CFLocation, but it does not offer a solution to the problem, or at least I don't think there is a solution for my situation.

    Here is part of the code from the custom-application.cfm file:

    <cfif cgi.query_string contains "login=1">
        <cfif not cgi.query_string contains "forcelogin=1">
            <cflog text="SERVER_NAME: #cgi.SERVER_NAME#" type="Information" file="Authentication">
            <cflog text="PATH_INFO: #cgi.PATH_INFO#" type="Information" file="Authentication">
            <cflog text="PATH_TRANSLATED: #cgi.PATH_TRANSLATED#" type="Information" file="Authentication">
            <cflog text="SCRIPT_NAME: #cgi.SCRIPT_NAME#" type="Information" file="Authentication">
            <cflog text="QUERY_STRING: #cgi.QUERY_STRING#" type="Information" file="Authentication">
            <cflog text="REMOTE_HOST: #cgi.REMOTE_HOST#" type="Information" file="Authentication">
            <cfif cgi.http_referer contains "search/?search=">
                <cflog text="cgi.http_referer contains: #cgi.http_referer#" type="Information" file="Authentication">
                <cfset tmp=ReReplace(cgi.http_referer, "^.+\.mysite\.com", "")>
                <cfset scriptName=ReReplace(cgi.script_name, "^index.cfm\.+", "")>
                <cflog text="scriptName: #scriptName#" type="Information" file="Authentication">
                <!---<cfset qryString=ReReplace(#tmp#, "/search/?search=", "")>--->
                <cfscript>
                    qryString = replace(tmp, "/search/?search=", "", "All");
                </cfscript>
                <cflog text="qryString: #qryString#" type="Information" file="Authentication">
                <cfset session.preauthurl="#request.author_url#/kb/article/#qryString#">
                <cflog text="After cfset session.preauthurl: #request.author_url#/kb/article/#qryString#" type="Information" file="Authentication">
                <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
            <cfelse>
                <!---<cfset session.preauthurl="#cgi.http_referer#">--->
                <cflog text="session.preauthurl-172: #session.preauthurl#" type="Information" file="Authentication">
                <cflog text="cflocation url: #request.author_url#/authenticate.cfm" type="Information" file="Authentication">
                <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
            </cfif>
            <!---<cfset session.preauthurl="#cgi.http_referer#">
            <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">--->
        <cfelse>
            <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
        </cfif>
    </cfif>
    

    Here is part of the code from the authenticate.cfm file:

        <!--- if this user is not marked as a "licensed contributor", mark them as such.--->
        <cfif session.user.LICENSEDCONTRIBUTOR eq 0> 
            <cftry>
                <CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="5" THROWONTIMEOUT="Yes">
                    <!--- note: session.user.id is interpolated directly into the SQL; binding it with cfqueryparam is the safer form --->
                    <cfquery DATASOURCE="#session.user.USERSDATASOURCE#" NAME="updateContributor">
                       UPDATE Users
                       SET LicensedContributor = '1'
                       WHERE ID = #session.user.id#
                    </cfquery>
                    <cfset session.user.LicensedContributor = "1">
                </CFLOCK>
            <cfcatch>
                <cfoutput>Error in /authenticate.cfm: An error occurred while trying to log in. Please try again.</cfoutput>
            </cfcatch>
            </cftry>
        </cfif>
    
        <cflog text="preAuthUrl-63: #session.preAuthUrl#" type="Information" file="Authentication">
        <!---we are now logged in, so redirect somewhere--->
        <cfif session.preAuthUrl eq "">
            <!---not sure where we came from, so redirect to the homepage--->
            <cflocation url="/" addtoken="no">
        <cfelse>
            <!---The tmp here will cause an internal server error because it was not defined anywhere.--->
            <cfset tmp=ReReplace(session.preAuthUrl, "^.+\.mysite\.com", "")>
            <cfif session.preAuthUrl contains "login=1">
                <cfif tmp eq "">
                    <cflocation url="/" addtoken="no">
                <cfelse>
                    <cflog text="tmp-75: #tmp#" type="Information" file="Authentication">
                    <cflocation url="#tmp#" addtoken="no">          
                </cfif>
            <cfelse>
                <!---<cfset tmp=ReReplace(session.preAuthUrl, "^.+\.mysite\.com", "")>--->
                <cflog text="final URL: #request.author_url##tmp#" type="Information" file="Authentication">
                <cflocation url="#request.author_url##tmp#" addtoken="no">          
            </cfif>
        </cfif>
    </cfif>
    
    
    <cflog text="http_referer: #cgi.http_referer#" type="Information" file="Authentication">
    
    <!---go back to wherever we came from--->
    <cflocation url="#cgi.http_referer#" addtoken="no">
    

    Here is what the logs show:

    ========================This is the first time hitting the custom-application==================================
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","SERVER_NAME: devbox.mysite.com"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","PATH_INFO: "
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","QUERY_STRING: login=1"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","REMOTE_HOST: 10.34.3.251"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","cgi.http_referer contains: https://devbox.mysite.com/search/?search=calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","scriptName: /kb/article/index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","qryString: calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","After cfset session.preauthurl: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
    ----------------noticed that it never gets to the "http_referer" log at the bottom which is the correct behavior------------------------------------------
    ========================Now, it hits the target page of "calendar" and it launches the custom-application again=====================================================
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","SERVER_NAME: devbox.mysite.com"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","PATH_INFO: "
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","QUERY_STRING: login=1"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","REMOTE_HOST: 10.34.3.251"
    ---------------------Noticed the line below shows the target page correctly in session.preauthurl variable------------------------------------------
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:47","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:47","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
    ----------------------Noticed the line above here (final URL) shows the correct target page--------------------------------------------------------
    =======================But it never actually gets to the target page, it went back to the custom-application file again as shown below===================================
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SERVER_NAME: devbox.mysite.com"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_INFO: "
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","QUERY_STRING: login=1"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","REMOTE_HOST: 10.34.3.251"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
    =======================And again here, it launches the custom-application file again and goes through a loop===============================================================
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SERVER_NAME: devbox.mysite.com"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_INFO: "
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","QUERY_STRING: login=1"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","REMOTE_HOST: 10.34.3.251"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
    =======================And again here, it launches the custom-application file again and goes through a loop===============================================================
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","SERVER_NAME: devbox.mysite.com"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","PATH_INFO: "
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","QUERY_STRING: login=1"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","REMOTE_HOST: 10.34.3.251"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
    =======================And again here, it launches the custom-application file again and goes through a loop===============================================================
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SERVER_NAME: devbox.mysite.com"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_INFO: "
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","QUERY_STRING: login=1"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","REMOTE_HOST: 10.34.3.251"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
    =======================And again here, it launches the custom-application file again and goes through a loop===============================================================
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SERVER_NAME: devbox.mysite.com"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_INFO: "
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","QUERY_STRING: login=1"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","REMOTE_HOST: 10.34.3.251"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:51","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
    "Information","ajp-bio-8013-exec-7","02/25/16","12:17:51","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
    =========================And it finally quits in Firefox but in IE it keeps going forever====================================================================
    

2 answers:

Answer 0 (score: 1)

The problem is that you are storing the page's referral URL in the session, not the current URL that you want to come back to after authentication. You should use path_info and query_string instead of cgi.http_referer (you can skip query_string if your referral URL doesn't contain any).

    <cfif cgi.query_string contains "login=1">
        <cfif not cgi.query_string contains "forcelogin=1">
            <!--- store the current request URL (path plus query string) rather than the Referer;
                  the "?" separator is needed between the path and the query string --->
            <cfset session.preauthurl="https://devbox.mysite.com#cgi.path_info#?#cgi.query_string#">
            <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
        <cfelse>
            <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
        </cfif>
    </cfif>

But in the case where the user logs in manually, you must use http_referer.

Answer 1 (score: 0)

Thanks for all the replies and support. I finally figured it out. The reason it went into a loop was that the way I was testing whether the user was authenticated was wrong. Since we are using the CommonSpot CMS, I tried using their API to check .isLoggedIn, which was wrong. I ended up having to set a session.mySiteShibboleth.isAuthenticated variable and check that variable in my details page. If it is not true or not set, the user is redirected to the authentication page. That seems to work.

    <cfif IsDefined("session.mysiteShibboleth.isAuthenticated")>
        <cfoutput>
            mysiteShibboleth exists.
        </cfoutput>
    <cfelse>
        <cflocation url="#request.author_url##cgi.script_name#?login=1" addtoken="no">
    </cfif>
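As an added example (not code from the question or either answer), here is the redirect side of authenticate.cfm with a validation step: whatever custom-application.cfm stored in session.preauthurl, whether built from the Referer as in the question or from path_info and query_string as in answer 0, is only followed if it resolves to a path on this site, and the session value is consumed so a stale entry cannot re-trigger the loop described in answer 1. Referer is supplied by the client, so the unconditional `<cflocation url="#cgi.http_referer#">` at the bottom of authenticate.cfm can send a user off-site; this check replaces it. request.author_url, session.preauthurl and session.mySiteShibboleth.isAuthenticated are names from this page; safeReturnUrl is an assumed helper.

```cfml
<!--- Added example: validate the post-login return URL before redirecting.
      Assumes request.author_url holds the site origin, e.g. "https://devbox.mysite.com". --->
<cffunction name="safeReturnUrl" returntype="string" output="false">
    <cfargument name="candidate" type="string" required="true">
    <cfargument name="siteOrigin" type="string" required="true">
    <cfargument name="fallback" type="string" default="/">
    <cfset var path = arguments.candidate>
    <!--- An absolute URL is accepted only if it begins with exactly our own origin
          followed by "/", so a look-alike host such as "https://devbox.mysite.com.example/"
          does not pass; the origin is then stripped, as the question's ReReplace did. --->
    <cfif left(path, len(arguments.siteOrigin) + 1) eq arguments.siteOrigin & "/">
        <cfset path = removeChars(path, 1, len(arguments.siteOrigin))>
    </cfif>
    <!--- What remains must be a site-relative path: a single leading "/" (so "//host"
          and "/\host", which browsers treat as a new host, are rejected) and no CR/LF
          that could split the Location header. Anything else falls back to the homepage. --->
    <cfif reFind("^/([^/\\]|$)", path) and not reFind("[\r\n]", path)>
        <cfreturn path>
    </cfif>
    <cfreturn arguments.fallback>
</cffunction>

<!--- authenticate.cfm, after the login succeeded and answer 1's flag has been set. --->
<cfset session.mySiteShibboleth.isAuthenticated = true>
<cfset returnTo = "/">
<cfif structKeyExists(session, "preauthurl")>
    <cfset returnTo = safeReturnUrl(session.preauthurl, request.author_url)>
    <!--- consume the stored URL so a later visit to authenticate.cfm cannot replay it --->
    <cfset structDelete(session, "preauthurl")>
</cfif>
<cflocation url="#request.author_url##returnTo#" addtoken="no">
```

With the session value from the question's log, "https://devbox.mysite.com/kb/article/calendar", the helper returns "/kb/article/calendar"; a stored Referer from another site, or a "//" prefixed value, returns "/".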