I have a coldfusion helpdesk application that is secured with a application.cfm login system. Once a ticket is submitted it sends out an email with a link to view the ticket. The link contains a url variable to link it back to the correct ticket. If the user is not logged in, the url variable is stripped off after the login process. Is there any way to prevent this?
From your description, at least 2 requests are involved. One request takes the unauthenticated user to the login page. Together with URL variables. I would imagine that a second request then takes him - without URL variables! - from the login form to the form's action page, where his credentials are validated.
If so, then that is the expected behaviour. You could change it as follows. Enable session management, and implement the following on the login page:
<cfloop collection="#url#" item="myVar">
<cfset session[myVar] = url[myVar]>
This results in ColdFusion storing the value of each URL variable as a variable of the same name in the session scope. Thus, the values of URL.x, URL.y, etc. will be stored, respectively, as SESSION.x, SESSION.y, etc.. You could then transfer the respective values from session back into URL scope in the links in later pages.
That was it. I thought it has something to do with session variables, I just couldn't figure out how to translate it. I added the code to my application.cfm and in my view page I added a code to check for the existence
of the url variable. If it is not there then I write it as a cfset using the session variable.