Why does ColdFusion redirect to the current page after authentication rather than the target page?

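I have a situation where, after the user authenticates, it returns to the current page instead of the target page.

  1. The user enters a search term and hits Enter.
  2. The search page displays the results as a page of links.
  3. The user clicks a link to view the detail page.
  4. The detail page requires authentication.
  5. It redirects the user to the authentication page. At this point, in the custom_application.cfm page, it shows HTTP_REFERER as:
    https://devbox.mysite.com/search/?search=calendar
  6. The user authenticates and is then returned to https://devbox.mysite.com/search/?search=calendar rather than https://devbox.mysite.com/kb/article/calendar, which is the link the user clicked and wanted to go to.

I found an article by Ben Nadel that talks about a problem with CFLocation, but it doesn't provide a solution to that problem, or at least I feel there is no solution for my situation.

Here is part of the code in the custom-application.cfm file: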

<cfif cgi.query_string contains "login=1">
    <cfif not cgi.query_string contains "forcelogin=1">
        <cflog text="SERVER_NAME: #cgi.SERVER_NAME#" type="Information" file="Authentication">
        <cflog text="PATH_INFO: #cgi.PATH_INFO#" type="Information" file="Authentication">
        <cflog text="PATH_TRANSLATED: #cgi.PATH_TRANSLATED#" type="Information" file="Authentication">
        <cflog text="SCRIPT_NAME: #cgi.SCRIPT_NAME#" type="Information" file="Authentication">
        <cflog text="QUERY_STRING: #cgi.QUERY_STRING#" type="Information" file="Authentication">
        <cflog text="REMOTE_HOST: #cgi.REMOTE_HOST#" type="Information" file="Authentication">
        <cfif cgi.http_referer contains "search/?search=">
                <cflog text="cgi.http_referer contains: #cgi.http_referer#" type="Information" file="Authentication">
                <cfset tmp=ReReplace(cgi.http_referer, "^.+\.mysite\.com", "")>
                <cfset scriptName=ReReplace(cgi.script_name, "^index.cfm\.+", "")>
                <cflog text="scriptName: #scriptName#" type="Information" file="Authentication">
                <!---<cfset qryString=ReReplace(#tmp#, "/search/?search=", "")>--->
                <cfscript>
                    qryString = replace(#tmp#, "/search/?search=", "", "All");
                </cfscript> 
                <cflog text="qryString: #qryString#" type="Information" file="Authentication">
                <cfset session.preauthurl="#request.author_url#/kb/article/#qryString#">
                <cflog text="After cfset session.preauthurl: #request.author_url#/kb/article/#qryString#" type="Information" file="Authentication">
                <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
            <cfelse>
                <!---<cfset session.preauthurl="#cgi.http_referer#">--->
                <cflog text="session.preauthurl-172: #session.preauthurl#" type="Information" file="Authentication">
                <cflog text="cflocation url: #request.author_url#/authenticate.cfm" type="Information" file="Authentication">
                <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
        </cfif>
        <!---<cfset session.preauthurl="#cgi.http_referer#">
        <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">--->
    <cfelse>
        <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
    </cfif>
</cfif>

Here is part of the code in the authenticate.cfm file:

    <!--- if this user is not marked as a "licensed contributor", mark them as such.--->
    <cfif session.user.LICENSEDCONTRIBUTOR eq 0> 
        <cftry>
            <CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="5" THROWONTIMEOUT="Yes">
                <cfquery DATASOURCE="#session.user.USERSDATASOURCE#" NAME="updateContributor">
                   UPDATE Users
                   SET LicensedContributor = '1'
                   WHERE ID = #session.user.id#
                </cfquery>
                <cfset session.user.LicensedContributor = "1">
            </CFLOCK>
        <cfcatch>
            <cfoutput>Error in /authenticate.cfm: An error occurred while trying to log in. Please try again.</cfoutput>
        </cfcatch>
        </cftry>
    </cfif>

    <cflog text="preAuthUrl-63: #session.preAuthUrl#" type="Information" file="Authentication">
    <!---we are now logged in, so redirect somewhere--->
    <cfif session.preAuthUrl eq "">
        <!---not sure where we came from, so redirect to the homepage--->
        <cflocation url="/" addtoken="no">
    <cfelse>
        <!---The tmp here will cause internal server error because it was not defined anywhere.--->
        <cfset tmp=ReReplace(session.preAuthUrl, "^.+\.mysite\.com", "")>
        <cfif session.preAuthUrl contains "login=1">
            <cfif tmp eq "">
                <cflocation url="/" addtoken="no">
            <cfelse>
                <cflog text="tmp-75: #tmp#" type="Information" file="Authentication">
                <cflocation url="#tmp#" addtoken="no">          
            </cfif>
        <cfelse>
            <!---<cfset tmp=ReReplace(session.preAuthUrl, "^.+\.mysite\.com", "")>--->
            <cflog text="final URL: #request.author_url##tmp#" type="Information" file="Authentication">
            <cflocation url="#request.author_url##tmp#" addtoken="no">          
        </cfif>
    </cfif>
</cfif>


<cflog text="http_referer: #cgi.http_referer#" type="Information" file="Authentication">

<!---go back to wherever we came from--->
<cflocation url="#cgi.http_referer#" addtoken="no">

Here is what the log shows:

========================This is the first time hitting the custom-application==================================
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","SERVER_NAME: devbox.mysite.com"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","PATH_INFO: "
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","PATH_TRANSLATED: \commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","QUERY_STRING: login=1"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","REMOTE_HOST: 10.34.3.251"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","cgi.http_referer contains: https://devbox.mysite.com/search/?search=calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","scriptName: /kb/article/index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","qryString: calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:41","SITE1","After cfset session.preauthurl: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
----------------noticed that it never gets to the "http_referer" log at the bottom which is the correct behavior------------------------------------------
========================Now, it hits the target page of "calendar" and it launches the custom-application again=====================================================
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","SERVER_NAME: devbox.mysite.com"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","PATH_INFO: "
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","PATH_TRANSLATED: \commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","QUERY_STRING: login=1"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","REMOTE_HOST: 10.34.3.251"
---------------------Noticed the line below shows the target page correctly in session.preauthurl variable------------------------------------------
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:46","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:47","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:47","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
----------------------Noticed the line above here (final URL) shows the correct target page--------------------------------------------------------
=======================But it never actually gets to the target page, it went back to the custom-application file again as shown below===================================
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SERVER_NAME: devbox.mysite.com"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_INFO: "
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_TRANSLATED: \commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","QUERY_STRING: login=1"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","REMOTE_HOST: 10.34.3.251"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
=======================And again here, it launches the custom-application file again and goes through a loop===============================================================
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SERVER_NAME: devbox.mysite.com"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_INFO: "
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","PATH_TRANSLATED: \commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","QUERY_STRING: login=1"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","REMOTE_HOST: 10.34.3.251"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:48","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
=======================And again here, it launches the custom-application file again and goes through a loop===============================================================
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","SERVER_NAME: devbox.mysite.com"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","PATH_INFO: "
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","PATH_TRANSLATED: \commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","QUERY_STRING: login=1"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","REMOTE_HOST: 10.34.3.251"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:49","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
=======================And again here, it launches the custom-application file again and goes through a loop===============================================================
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SERVER_NAME: devbox.mysite.com"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_INFO: "
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_TRANSLATED: \commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","QUERY_STRING: login=1"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","REMOTE_HOST: 10.34.3.251"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
=======================And again here, it launches the custom-application file again and goes through a loop===============================================================
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SERVER_NAME: devbox.mysite.com"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_INFO: "
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","PATH_TRANSLATED: \commonspotshare.mysite.com\commonspot$\DEVSITE\dev.mysite.com\kb\article\index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","SCRIPT_NAME: /kb/article/index.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","QUERY_STRING: login=1"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","REMOTE_HOST: 10.34.3.251"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","session.preauthurl-172: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:50","SITE1","cflocation url: https://devbox.mysite.com/authenticate.cfm"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:51","SITE1","preAuthUrl-63: https://devbox.mysite.com/kb/article/calendar"
"Information","ajp-bio-8013-exec-7","02/25/16","12:17:51","SITE1","final URL: https://devbox.mysite.com/kb/article/calendar"
=========================And it finally quits in Firefox but in IE it keeps going forever====================================================================

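The problem is that you are storing the referring URL of the page in the session in place of the current URL, which is where you want to go back to after authentication. Instead of using cgi.http_referer you should use path_info and query_string (you can skip query_string if your referral URL doesn't contain any).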

<cfif cgi.query_string contains "login=1">
    <cfif not cgi.query_string contains "forcelogin=1">
        <cfset session.preauthurl="https://devbox.mysite.com#cgi.path_info##cgi.query_string#">
        <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
    <cfelse>
        <cflocation url="#request.author_url#/authenticate.cfm" addtoken="no">
    </cfif>
</cfif>

But if the user logs in manually, you have to use http_referer.

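Thank you all for your replies and support. I finally figured it out. The reason it went into a loop was that the way I tested whether the user was authenticated was wrong. Because we use the CommonSpot CMS, I tried to use their API to check whether .isLoggedIn was false. I ended up having to set a session.mySiteShibboleth.isAuthenticated variable and check that variable in my detail page. If it is not true or not set, the user is redirected to the authentication page. This seems to work.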

<cfif IsDefined("session.mysiteShibboleth.isAuthenticated") >
    <cfoutput>
        mysiteShibboleth exists.
    </cfoutput>
<cfelse>
    <cflocation url="#request.author_url##cgi.script_name#?login=1" addtoken="no" > 
</cfif>
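
An added example, not code from any of the posts above: both session.preauthurl (built from cgi.http_referer) and the final `<cflocation url="#cgi.http_referer#">` in authenticate.cfm redirect to a value taken from a client-supplied header, so the post-login target is worth validating before use. The function name returnPathFor, the "/" fallback and the choice to drop a query string containing login=1 (so the return trip does not re-enter the login branch) are assumptions of this sketch.

```cfml
<!--- Added example. returnPathFor is a hypothetical helper, not part of the thread's code. --->
<cffunction name="returnPathFor" returntype="string" output="false"
            hint="Reduce a stored return URL to a same-site path, or fall back to /">
    <cfargument name="candidate" type="string" required="true">
    <cfset var path = trim(arguments.candidate)>

    <!--- Absolute URL: accept it only when its host is exactly this server,
          then keep just the path and query. A host with a port or userinfo
          (user@host) does not match and falls back to "/". --->
    <cfif reFindNoCase("^https?://", path)>
        <cfif listLen(path, "/") lt 2
              or compareNoCase(listGetAt(path, 2, "/"), cgi.server_name) neq 0>
            <cfreturn "/">
        </cfif>
        <cfset path = reReplaceNoCase(path, "^https?://[^/]+", "")>
    </cfif>

    <!--- Must be a site-relative path: one leading slash, not "//" or "/\"
          (both are treated as another host by browsers), no control characters. --->
    <cfif not reFind("^/([^/\\]|$)", path) or reFind("[[:cntrl:]]", path)>
        <cfreturn "/">
    </cfif>

    <!--- Assumption: a return target that still carries login=1 would trigger
          the login redirect again, so its query string is dropped. --->
    <cfif findNoCase("login=1", listRest(path, "?"))>
        <cfset path = listFirst(path, "?")>
    </cfif>

    <cfreturn path>
</cffunction>

<!--- Usage in authenticate.cfm once the user is logged in: --->
<cfparam name="session.preAuthUrl" default="">
<cfset target = returnPathFor(session.preAuthUrl)>
<!--- Clear the stored value so a stale target is not reused on a later login. --->
<cfset session.preAuthUrl = "">
<cflog text="post-login target: #target#" type="Information" file="Authentication">
<cflocation url="#target#" addtoken="no">
```

With the values from the log, `https://devbox.mysite.com/kb/article/calendar` becomes `/kb/article/calendar`, while an empty value or a URL on any other host becomes `/`.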