This must be security week. Chris asked this:
Is there a simple way to redirect users after login to the page they came from?
Sure is. Let's use a concrete example from Galleon . Galleon lets users browse the site but they can't write new posts until they sign in. I wanted to make it so that if you were viewing a thread and decided to login, you would be returned to that thread when done. Here is how I did it.
First I created a variable for the current page:
<cfset thisPage = cgi.script_name & "?" & reReplace(cgi.query_string,"logout=1","")>Notice that I use the currently query string in order to get any URL variables. However, I use a URL variable to log people out so I have code to remove that. (This may not apply to your own site.) I then create a complete link to the login page:
<cfset link = "login.cfm?ref=#urlEncodedFormat(thisPage)#">The link contains a URL variable, ref, that is a pointer back to where I came from. My logon form is written to ensure it doesn't lose any URL variables. On a good logon, I then simply send the user back:
<cfif request.udf.isLoggedOn()> <cfif isDefined("url.ref")> <cflocation url="#url.ref#" addToken="false"> <cfelse> <cflocation url="index.cfm" addToken="false"> </cfif>Easy as pie, and I'm sure there are a hundred other ways of doing this as well.