1

I have a situation where a user authenticates and is returned to the current page rather than to the target page. Why does ColdFusion redirect to the current page after authentication instead of the target page?

  1. The user enters a search word and presses Enter.
  2. The search page shows the results on a page with links.
  3. The user clicks a link to view the detail page.
  4. The detail page requires authentication.
  5. It redirects the user to the authentication page. At this point, in the custom_application.cfm page, it shows HTTP_REFERER as:
    https://devbox.mysite.com/search/?search=calendar
  6. The user is authenticated and then returned to the page https://devbox.mysite.com/search/?search=calendar and not to the https://devbox.mysite.com/kb/article/calendar page, which is the link that the user clicked and wants to get to.

I found an article by Ben Nadel that talks about a problem with CFLocation, but it does not provide a solution to the issue, or at least I do not feel there was a solution for my situation.

Here is part of the code in the custom application.cfm file:

<cfif cgi.query_string contains "login=1"> 
    <cfif not cgi.query_string contains "forcelogin=1"> 
     <cflog text="SERVER_NAME: #cgi.SERVER_NAME#" type="Information" file="Authentication"> 
     <cflog text="PATH_INFO: #cgi.PATH_INFO#" type="Information" file="Authentication"> 
     <cflog text="PATH_TRANSLATED: #cgi.PATH_TRANSLATED#" type="Information" file="Authentication"> 
     <cflog text="SCRIPT_NAME: #cgi.SCRIPT_NAME#" type="Information" file="Authentication"> 
     <cflog text="QUERY_STRING: #cgi.QUERY_STRING#" type="Information" file="Authentication"> 
     <cflog text="REMOTE_HOST: #cgi.REMOTE_HOST#" type="Information" file="Authentication"> 
     <cfif cgi.http_referer contains "search/?search="> 
       <cflog text="cgi.http_referer contains: #cgi.http_referer#" type="Information" file="Authentication"> 
       <cfset tmp=ReReplace(cgi.http_referer, "^.+\.mysite\.com", "")> 
       <cfset scriptName=ReReplace(cgi.script_name, "^index.cfm\.+", "")> 
       <cflog text="scriptName: #scriptName#" type="Information" file="Authentication"> 
       <!---<cfset qryString=ReReplace(#tmp#, "/search/?search=", "")>---> 
       <cfscript> 
        qryString = replace(#tmp#, "/search/?search=", "", "All"); 
       </cfscript> 
       <cflog text="qryString: #qryString#" type="Information" file="Authentication"> 
       <cfset session.preauthurl="#request.author_url#/kb/article/#qryString#"> 
       <cflog text="After cfset session.preauthurl: #request.author_url#/kb/article/#qryString#" type="Information" file="Authentication"> 
       <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no"> 
      <cfelse> 
       <!---<cfset session.preauthurl="#cgi.http_referer#">---> 
       <cflog text="session.preauthurl-172: #session.preauthurl#" type="Information" file="Authentication"> 
       <cflog text="cflocation url: #request.author_url#/authenticate.cfm" type="Information" file="Authentication"> 
       <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no"> 
     </cfif> 
     <!---<cfset session.preauthurl="#cgi.http_referer#"> 
     <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">---> 
    <cfelse> 
     <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no"> 
    </cfif> 
</cfif> 

And here is part of the code in the authenticate.cfm file:

<!--- if this user is not marked as a "licensed contributor", mark them as such.---> 
    <cfif session.user.LICENSEDCONTRIBUTOR eq 0> 
     <cftry> 
      <CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="5" THROWONTIMEOUT="Yes"> 
       <cfquery DATASOURCE="#session.user.USERSDATASOURCE#" NAME="updateContributor"> 
        UPDATE Users 
        SET LicensedContributor = '1' 
        WHERE ID = #session.user.id# 
       </cfquery> 
       <cfset session.user.LicensedContributor = "1"> 
      </CFLOCK> 
     <cfcatch> 
      <cfoutput>Error in /authenticate.cfm: An error occurred while trying to log in. Please try again.</cfoutput> 
     </cfcatch> 
     </cftry> 
    </cfif> 

    <cflog text="preAuthUrl-63: #session.preAuthUrl#" type="Information" file="Authentication"> 
    <!---we are now logged in, so redirect somewhere---> 
    <cfif session.preAuthUrl eq ""> 
     <!---not sure where we came from, so redirect to the homepage---> 
     <cflocation url="/" addtoken="no"> 
    <cfelse> 
     <!---The tmp here will cause internal server error because it was not defined anywhere.--->
     <cfset tmp=ReReplace(session.preAuthUrl, "^.+\.mysite\.com", "")> 
     <cfif session.preAuthUrl contains "login=1"> 
      <cfif tmp eq ""> 
       <cflocation url="/" addtoken="no"> 
      <cfelse> 
       <cflog text="tmp-75: #tmp#" type="Information" file="Authentication"> 
       <cflocation url="#tmp#" addtoken="no">   
      </cfif> 
     <cfelse> 
      <!---<cfset tmp=ReReplace(session.preAuthUrl, "^.+\.mysite\.com", "")>---> 
      <cflog text="final URL: #request.author_url##tmp#" type="Information" file="Authentication"> 
      <cflocation url="#request.author_url##tmp#" addtoken="no">   
     </cfif> 
    </cfif> 
</cfif> 


<cflog text="http_referer: #cgi.http_referer#" type="Information" file="Authentication"> 

<!---go back to wherever we came from---> 
<cflocation url="#cgi.http_referer#" addtoken="no"> 

And here is what the log shows:

========================This is the first time hitting the custom-appliction================================== 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","SERVER_NAME: devbox.mysite.com" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","PATH_INFO: " 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","SCRIPT_NAME: /kb/article/index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","QUERY_STRING: login=1" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","REMOTE_HOST: 10.34.3.251" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","cgi.http_referer contains: https://devbox.mysite.com/search/?search=calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","scriptName: /kb/article/index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","qryString: calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","After cfset session.preauthurl: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar" 
----------------noticed that it never gets to the "http_referer" log at the bottom which is the correct behavior------------------------------------------ 
========================Now, it hits the target page of "calendar" and it launches the custom-appliction again===================================================== 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","SERVER_NAME: devbox.mysite.com" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","PATH_INFO: " 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","SCRIPT_NAME: /kb/article/index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","QUERY_STRING: login=1" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","REMOTE_HOST: 10.34.3.251" 
---------------------Noticed the line below shows the target page correctly in session.preauthurl variable------------------------------------------ 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:47","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:47","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar" 
----------------------Noticed the line above here (final URL) shows the correct target page-------------------------------------------------------- 
=======================But it never actually gets to the target page, it went back to the custom-appliction file again as shown below=================================== 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SERVER_NAME: devbox.mysite.com" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_INFO: " 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SCRIPT_NAME: /kb/article/index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","QUERY_STRING: login=1" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","REMOTE_HOST: 10.34.3.251" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar" 
=======================And again here,it launches the custom-appliction file again and go through a loop=============================================================== 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SERVER_NAME: devbox.mysite.com" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_INFO: " 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SCRIPT_NAME: /kb/article/index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","QUERY_STRING: login=1" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","REMOTE_HOST: 10.34.3.251" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar" 
=======================And again here,it launches the custom-appliction file again and go through a loop=============================================================== 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","SERVER_NAME: devbox.mysite.com" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","PATH_INFO: " 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","SCRIPT_NAME: /kb/article/index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","QUERY_STRING: login=1" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","REMOTE_HOST: 10.34.3.251" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar" 
=======================And again here,it launches the custom-appliction file again and go through a loop=============================================================== 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SERVER_NAME: devbox.mysite.com" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_INFO: " 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SCRIPT_NAME: /kb/article/index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","QUERY_STRING: login=1" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","REMOTE_HOST: 10.34.3.251" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar" 
=======================And again here,it launches the custom-appliction file again and go through a loop=============================================================== 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SERVER_NAME: devbox.mysite.com" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_INFO: " 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_TRANSLATED: \\commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SCRIPT_NAME: /kb/article/index.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","QUERY_STRING: login=1" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","REMOTE_HOST: 10.34.3.251" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:51","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar" 
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:51","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar" 
=========================And it finally quits in Firefox but in IE it keeps going forever==================================================================== 
+0

That is what I thought. However, to test this, if the user is already on the detail page and tries to log in manually (instead of the automatic check of whether the current user is authenticated or not), he is authenticated and returned back to the detail page. – Charlie123

Answers

0

Thank you for the answers and support. I finally figured it out. The reason it was going in a loop was that the way I was checking whether the user was authenticated or not was wrong. Since we use CommonSpot CMS, I tried to use their API for the check, the wrong one, .isLoggedIn. I finally had to set a session.mySiteShibboleth.isAuthenticated variable and simply check that variable on my detail page. If it is false or not set, redirect the user to the authentication page. It seems to work.

<cfif IsDefined("session.mysiteShibboleth.isAuthenticated") > 
    <cfoutput> 
     mysiteShibboleth exists. 
    </cfoutput> 
<cfelse> 
    <cflocation url="#request.author_url##cgi.script_name#?login=1" addtoken="no" > 
</cfif> 
1

The problem is that you are saving the page's referral URL in the session instead of the current URL where you want to go back after authentication. Instead of using cgi.http_referer you should use path_info and QUERY_STRING (you can skip QUERY_STRING if your referral URL does not contain any).

<cfif cgi.query_string contains "login=1"> 
    <cfif not cgi.query_string contains "forcelogin=1">  
     <cfset session.preauthurl="https://devbox.mysite.com#cgi.path_info##cgi.query_string#"> 
     <cflocation  url="#request.author_url#/authenticate.cfm" addtoken="no"> 
<cfelse> 
    <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no"> 
    </cfif> 
</cfif> 

But in the case of a manual login by the user, you need to use HTTP_REFERER.

+0

Thank you for the feedback. I tried this, but it did not work. The URL in the browser showed: https://devbox.mysite.com/kb/article/index.cfm?login=1, and it ended with an internal server error in the authenticate.cfm file at the code line: – Charlie123

+0

This line: https://devbox.mysite.com#cgi.path_info##cgi.query_string# gives me this: https://devbox.mysite.com/login=1 and not: https://devbox.mysite.com/kb/article/calendar, which is the target page. However, even if I managed to get the correct target page URL into the preauthURL session variable, it still would not work. – Charlie123

+0

The way our CommonSpot CMS works is that every time you access a page, custom_application.cfm runs first. So the preauthURL session variable is set correctly the first time the user clicks the hyperlink from the search results page. However, when the user has been authenticated and finally lands on the target page, custom_application.cfm is called/run again, and this time Http_referer and preauthURL are wrong because they refer to the last page, which is our Shibboleth authentication page. And this is what I could not figure out. – Charlie123
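
The two answers above combine into one pattern: remember the page being requested rather than cgi.http_referer, and skip the login redirect once a session flag says the user is authenticated. The following is an added example, not code from the thread, which also restricts the stored target to a site-relative path before it reaches cflocation. The names safeReturnPath, isAuthed and returnTo are hypothetical, and it assumes the gate sees the protected request's own cgi.script_name, cgi.path_info and cgi.query_string.

```cfml
<!--- Added example. safeReturnPath(), isAuthed and returnTo are hypothetical names;
      the session keys and request.author_url are the ones used in the thread. --->

<!--- Shared helper (assumed to be included by both files below). --->
<cffunction name="safeReturnPath" returntype="string" output="false">
    <cfargument name="candidate" type="string" required="true">
    <cfset var p = trim(arguments.candidate)>
    <!--- Allow only a site-relative path: a single leading "/" (so no "//host"
          or "/\host"), and no control characters such as CR/LF. --->
    <cfif NOT reFind("^/[^/\\]", p) OR reFind("[[:cntrl:]]", p)>
        <cfreturn "/">
    </cfif>
    <cfreturn p>
</cffunction>

<!--- custom_application.cfm (runs before every page) --->
<cfset isAuthed = isDefined("session.mySiteShibboleth.isAuthenticated") AND session.mySiteShibboleth.isAuthenticated>
<!--- An authenticated session never re-enters the login redirect, which breaks the loop. --->
<cfif NOT isAuthed AND listFindNoCase(cgi.query_string, "login=1", "&")>
    <!--- Rebuild the query string without the login triggers. --->
    <cfset qs = "">
    <cfloop list="#cgi.query_string#" delimiters="&" index="pair">
        <cfif NOT listFindNoCase("login,forcelogin", listFirst(pair, "="))>
            <cfset qs = listAppend(qs, pair, "&")>
        </cfif>
    </cfloop>
    <cfset returnTo = cgi.script_name & cgi.path_info>
    <cfif len(qs)>
        <cfset returnTo = returnTo & "?" & qs>
    </cfif>
    <!--- Remember the page being requested, not cgi.http_referer. --->
    <cfset session.preAuthUrl = safeReturnPath(returnTo)>
    <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
</cfif>

<!--- authenticate.cfm (after the login has succeeded) --->
<cfset session.mySiteShibboleth.isAuthenticated = true>
<cfset returnTo = "/">
<cfif structKeyExists(session, "preAuthUrl")>
    <cfset returnTo = safeReturnPath(session.preAuthUrl)>
    <!--- Use the stored target once so a later request cannot replay it. --->
    <cfset structDelete(session, "preAuthUrl")>
</cfif>
<cflocation url="#returnTo#" addtoken="no">
```

Because the redirect target is always a validated relative path, a Referer header or session value pointing at another host falls back to "/" instead of being followed.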
