Posting this here so it hopefully helps someone else.
I had an interesting issue today where I was trying to load a search page from within an iframe on another website; however, it wasn’t loading, instead giving an error about DOM security. That was misleading, as by default you can load a page inside an iframe without issue. However, drilling into the page source of the loaded page showed that the SC form was trying to redirect to my main login page instead of rendering the form.
That led to some digging through the SC-generated code, and I realised the following:
- Using the macro sc_apl_default to set the default login application upon session timeout actually creates a file inside the _lib/tmp folder with these settings. That allows you to set it once in your login application and then every other application checks for that file on app load.
- The macro sc_reset_apl_default deletes this file from the server. Well, that’s great for one application, but now that it’s deleted from the server, another user who is already inside the application and clicks through to another app won’t get those settings and won’t be redirected to the login page. Very bad design. It needs to be session specific.
- If that wasn’t bad enough, the documentation for sc_reset_apl_default is wrong. It must be called from on_app_init, not on_script_init.