So, I am trying to understand why I would ever want to use onRequest() in one of my Applications. Maybe someone can help me figure out a valid reason. I'm sure there are plenty of them, but I am looking for one, or more, that do not seem like bad programming/security issues.
Here is my issue. Take a simple onRequestStart() in my application.cfc.
<cffunction name="onRequestStart" access="public" output="false">
<cfset variables.myVar1 = "my variable is cool" />
Now, if I add an onRequest() method to my Application.cfc, which takes in the argument of the target page and requires that I cfinclude it, it combines the Application.cfc local scope with my target pages local scope.
<cffunction name="onRequest" access="public" output="false">
<cfargument name="TargetPage2" type="string" required="true" />
<cfset myVar2 = "my variable is cool" />
<!--- Include the requested page. --->
<cfinclude template="#ARGUMENTS.TargetPage2#" />
So not only did it show up with the myVar2 variable in it, but it has the myVar1 variabel from onRequestStart, it has all of my Application.cfc methods, it has all of my THIS scope variables from Application.cfc and all of the local variables from Application.cfc.
So, my question is, why would I want this? Why would I want to combine my Application.cfc local scope with the local scope of EVERY page in my application? Why would I want to expose my Application.cfc's properties and methods to all of my pages? Not only does it seem like bad programming practice to me, but it seems like it would be a security issue.
So maybe I am missing some HUGE benefit to this practice. But to me, it seems like a silly thing to do. Not to mention the fact that using onRequest() breaks all sorts of cool things with Ajax, Flash remoting, etc. Thanks for any input!