rc._secured_url & rc.last_url are not accurate

Description

My site is running on http://localhost:81 (browsersync proxy to port 80 ). After forcing a login, I want to relocate a user to the page they were trying to reach originally. When cbsecurity redirects to a login page, it populates rc._securedURL with `http://localhost/db`, which is the correct url, but not the correct port. The second problem is when I do a manual relocate and try to get the same thing out of rc.last_url, it is `db/` which breaks the relocation after logging in. ( should be `/db` , but `http://localhost:81/db` would be better )

For consistency, it would be good if the last_url worked exactly the same as _securedURL (once _securedURL includes the correct port). Or maybe another param like _full_last_url could be added. (or maybe last_url and last_uri makes the most sense?) But in the absence of that, is there a way I can manually trigger a cbsecurity login from a prehandler()?

vscode won't find anything in /modules or /coldbox folders for some reason so I can't fix this myself without spending hours trying to figure out where those are set up.

```
code from which I'm relocating (handlers/db.cfc )
================

function preHandler(
event,
rc,
prc,
action,
eventArguments
) {
try {
jwtService.parseToken(
decrypt(
cookie._cbjwt,
"superstrongpassword",
"blowfish",
"base64"
),
false,
false
);
prc.user = getInstance( "user" ).findOrFail( prc.jwt_payload.sub );
} catch ( e ) {
relocate( "login" );
}

event.setLayout( "secure" )
}

login page field to store last url (views/session/new.cfm)
====================
#html.hiddenField( name="_securedURL", value=event.getValue( '_securedURL', event.getValue('last_url','') ) )#

login handler (handlers/sessions/create.cfc)
=========
try {
prc.user = auth.authenticate( rc.email, rc.password );

qb.newQuery()
.from( "users" )
.where( "id", prc.user.getID() )
.update( { dLastLogin : now() } )

cookie._cbjwt = {
value : encrypt(
jwtService.fromUser( prc.user ),
"superstrongpassword",
"blowfish",
"base64"
)
};

if ( rc._securedURL.len() ) {
relocate( url = urlDecode( rc._securedURL ) );
} else {
relocate( uri = "/secure" );
}

} catch ( InvalidCredentials e ) {
flash.put( "login_form_errors", { "login" : "Invalid Credentials" } );
redirectBack( persist = "_securedURL" );
}

```

Activity

Show:
John Wilson
September 22, 2020, 7:02 PM

I stumbled on this other coldbox bug that mentioned a port not being included. For me, when I start on port 81, it’s still relocated without a port (so I end up at http://localhost/login instead of http://localhost:81/login) and securedURL does not include the port.

Assignee

Luis Majano

Reporter

John Wilson

Labels

None

Priority

Major
Configure