onRequestStart issue

I have a login page that is included in my application.cfc if my authentication methods fail, this is all working fine except in 1 bazaar occasion.

in one of my pages I use cfdocument and use the SRC attribute to include html from another page.
When I fire the cfdocument it tries to include the src page but actually seems to fire the include in application with the login page in it, even though we are indeed logged in…

Using src in cfdocument makes a cfhttp call under the hood… this call does not have any session state, thus resulting in the login page being included (as this is seen as a new client request) instead of what you expect to see.

If this document is only visible when being included with cfdocument and does not require a login in the standard course of things, then you can simply check if that document source is being requested in your OnApplicationStart() method (or wherever you’re including the session management that includes the login page) and exclude that document source from session management. For example

if( !findNoCase( '[my source document]', CGI.SCRIPT_NAME ) ) {
    // do session management

or, if you end up with multiple document sources that should be excluded, do something like…

if( !listFindNoCase( '[my source document],[my other source document]'
    , CGI.SCRIPT_NAME ) ) {
    // do session management


– Denny

1 Like

Great… thanks a lot