January 12, 2009
Answered

Is it possible to use a Form Post with no submit button

I have a website which users log into.
After login they are able to click on a navigation button to access an application. Currently users have to log into our site and then into the application.
We are trying to eliminate the need for 2 logins by using pass-thru authentication.
I have to send a form post to the application w/ user session data (user Id).
I have been asked not to create a page where the user has to hit submit.
So my question is what is the best way to do this?
I was planning on creating another page that opens once the user clicks on the navigation button. The page that opens looks as though it is logging into the application. That page would contain a form w/ hidden form field {session.userinfo} and post it to the application.
So is there a magic way w/ a redirect or something to do this?
Thanks for your help!
    This topic has been closed for replies.
    4 replies

    sic4730Author
    January 13, 2009
    I added the form to the navigation w/ the button being the submit. It works like a charm.
    Thanks for all your help!
    fober1Correct answer
    January 13, 2009
    Hi Tina,
    It depends a lot on the application you want to navigate to from your CF site.

    One way would be a server-side solution, having the navigate button on your page call the navigate.cfm script on your server, which uses cfhttp to submit the login to the application like Ian recommended. But the problem in this situation might be that the application will return a session to the CF server (a cookie, with a session ID, for a "logged in" session), and I'm not sure if the CF server could "forward" that session to the user's browser.

    The other way would be to have a browser-side solution. But in this case you would need to have the CF server post the username and password within the source code of your page back to the browser (username and password would be clear-text! in the page source code).

    The simple solution for the browser-side option would be to have the hidden login form not in a separate window, but directly within your page (so your navigate button basically becomes the submit button for your application's login form). This way you could avoid JavaScript.

    The more complicated solution for the browser-side option that also avoids the clear-text user name / password issue, would be to have a navigate button that calls a JavaScript function that retrieves the username and password from the server using an authenticated webservice, and then posts the credentials to the application.

    The server-side option would only work, if your application doesn't return a session ID in a cookie, but could also handle the session ID as a URL parameter.

    So it really depends on what your application can handle (cfhttp may not even work if the site is properly secured against cross-site scripting), and what level of "hair-raising-security" you are willing to accept.

    Cheers,
    fober
    sic4730Author
    January 13, 2009
    The application I have to pass the user ID is hosted on a non-ColdFusion site.
    The vendor of the app said we have to use a form post in order to pass the user ID.
    I like the recommendation of making the navigation button the submit button for a hidden form.
    My site does use session variables and after a user logs in sets loggin=true.
    I will let you know how it turns out.
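
A hidden user-ID field is filled in by the browser, so the receiving application cannot tell a genuine hand-off from one where the value was edited before posting. As an added example (not code from this thread or from the vendor), the JavaScript (Node.js) below signs the user ID with an HMAC on the sending site and verifies it on the receiving side; the shared key, the field names and the 60-second window are assumptions, and it presumes the receiving application can be made to check the signature.

```javascript
// Added example, not from the thread. SHARED_KEY, the field names and the
// 60-second validity window are assumptions agreed between the two sites.
const nodeCrypto = require('crypto');

const SHARED_KEY = 'constructed-demo-key-rotate-me'; // constructed sample value
const MAX_AGE_SECONDS = 60;

// HMAC-SHA256 over "userId|issuedAt"; issuedAt is always an integer, so the
// last "|" is an unambiguous separator.
function sign(userId, issuedAt) {
  return nodeCrypto.createHmac('sha256', SHARED_KEY)
    .update(`${userId}|${issuedAt}`)
    .digest('hex');
}

// Sending site: values for the hidden fields of the hand-off form.
function buildHandoffFields(userId, nowMs) {
  const issuedAt = Math.floor(nowMs / 1000);
  return { userId, issuedAt: String(issuedAt), sig: sign(userId, issuedAt) };
}

// Receiving application: accept the posted user ID only if the signature
// matches and the form was issued recently.
function verifyHandoff(fields, nowMs) {
  const issuedAt = Number(fields.issuedAt);
  if (!Number.isInteger(issuedAt)) return { ok: false, reason: 'bad timestamp' };

  const expected = Buffer.from(sign(fields.userId, issuedAt), 'hex');
  const given = Buffer.from(String(fields.sig), 'hex');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }

  const age = Math.floor(nowMs / 1000) - issuedAt;
  if (age < 0 || age > MAX_AGE_SECONDS) return { ok: false, reason: 'expired' };
  return { ok: true, userId: fields.userId };
}
```

The signed fields can still be replayed inside the validity window, so the form should only ever be posted over HTTPS.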
    January 12, 2009
    Tina,

    Are you using session variables in this application? If so, I would think you can store the validated user data (ID, password, etc.) in an appropriate session scope and then check for the existence of those session variables on your application page.

    For example, after validating a user when they log into your site, you could do something like this in your CFML:
    <cfset session.isLoggedIn = true />

    Then, on your application page, look for this variable and make sure it's true :) before letting them see the application.
    <cfif IsDefined('session.isLoggedIn') and session.isLoggedIn>
    show app
    <cfelse>
    re-route to login page
    </cfif>

    If such an approach doesn't work, you can use cfhttp or a JavaScript function to send post data to another script on your site/application but this general idea might be simpler and more efficient.
    January 12, 2009
    The way you are going with a hidden form would require JavaScript. You
    could create a JavaScript submit() action that occurred on the OnLoad
    event to submit the hidden form.

    But, probably, a better way to do this is to use the <CFHTTP...> tag
    that allows you to send an HTTP request to an url and process the
    results inside the Application Server and not even bother the client
    with loading pages, hidden forms and JavaScript. Eliminating the
    problems associated with users who have JavaScript turned off, don't
    allow hidden forms or are just generally suspicious of too much
    background processing.