Looking for suggestions on how to handle Coldfusion session timeout with cfc

Question

Currently I am handling redirecting someone to the login page of a CF2018 site via the onrequeststart method. If cflogin is not defined I include the loginform.cfm page. I am having an issue though when I recover from that after a session time out that I am looking for suggestions on how to handle.

Say I have a users page that manages users and on the main index page I have a button on each row that you can click to delete a user. From there the form is submitted to a users.cfc page with a delete function. I am also setting page variables like the page title etc. on the main users index page. If the session times out and someone clicks the delete button the loginform displays and they can log in. It works great, but then it tries to redirect back to the cfc and at that point the variables are not there and it throws a 500 error.

I am trying to think of how I should handle that. When the session times out should I fully redirect them back to the root instead of including the loginform.cfm template?

Any suggestions or thoughts are appreciated.

Answer 1

From there the form is submitted to a users.cfc page with a delete function.

If your form is directly posting to something like

action="users.cfc?method=delete"

then change that to

action="user_delete.cfm"

and invoke your CFC on that page.

That may react better to your onRequestStart() process checking with cflogin.

I would also suggest validating that cgi.request_method EQ "POST" before processing any delete requests or any form processing where method="post".