My app uses Central Authentication Service (CAS) to login to the app. For those unfamiliar, this means I have a Ring middleware that redirects visitors to the server page where they login, and are then bounced back to my site with some added information, including a “?ticket=AKJF2390JKl” type string in the URL. This string is the problem; by now they are already logged in, so this means there is a time I no longer need that ticket number. However, I’m having trouble figuring out how and when to remove that string. I have various middlewares set up to look at the request so far, and I can locate two places that string appears in the request map (that’s [:params :ticket] and [:query-string]), but dissocing those two keys doesn’t change what URL the page gets in the end (e.g. “Website Hosting - Mysite.com”). Not only is this unsightly, but it results in refresh failing on the page because the ticket is one-time use (though refresh works fine when you remove the ticket string altogether after they’ve logged in, as by that point it’s cookie-powered).
So, if I can remove an end-result query string by disocing from the request map with my middleware, my question is this:
What do I need to dissoc in order to see a change in the end-user URL?
When in the middle-ware cycle do I need to perform this dissoc?
What is your app code using in the Ring request that it sees the URL with that in it?
I suspect it’s checking :uri directly (why?) so your middleware to dissoc from :params and modify :query-string is also going to need to modify :uri so you’ll probably need to do some regex replacement (and be careful you don’t turn :uri into an invalid string!).
You may also need to dissoc from :query-params (which is where URL parameters end up, as well as in :params depending on the middleware your app is using).
I’m running reitit.ring as my middleware framework, with the handler serving to check :query-params and :session for the portion that actually uses that information. It’s not clear to me what actually generates the uri string, though, as I don’t see anything explicitly mentioning :headers.