Actually I'm not supposed to use cookies so that's why I want to use a session variable. I only have one user which is also why I'm not storing username/password in a DB - simple authentication lets you have one user for the whole directory and Dreamweaver even encrypts the password so it's not stored in simple text.
I have to figure out this lock-out feature to pass the security checks the server folk have on our intranet. Thanks for responding! Pam At 12:33 PM 11/2/2007, you wrote: >Well - > >You could use cookies - but if they erase their cache, that won't help the >20 minute delay. I track Good and Bad Logins in the database - and for some >sites if they have too many bad logins - I set their account status to >Inactive, which has to be manually changed by an Admin. However - to track >it - > >If Login Fails: > > <!--- Track Failed Login, insert it into DB ---> ><cfquery datasource="#APPLICATION.DSN#" username="#APPLICATION.username#" >password="#APPLICATION.password#"> > INSERT INTO LoginTrackBad (Login, PassAttempt, UserIP) > VALUES ( > '#FORM.username#', > '#FORM.password#', > '#cgi.remote_addr#') > </cfquery> > >Once you track that data - you can run checks against it based on whatever >you want. I have the database Auto timestamps it - so you could query That >username and Login attempts within 20 minutes of #Now()#. If it's too many - >bypass your login script all together. > >Does that help? > >- Nick ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade to ColdFusion 8 and integrate with Adobe Flex http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:3132 Subscription: http://www.houseoffusion.com/groups/CF-Newbie/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.15
