Ok guys here it is, these tags are still under development but they work
well to demonstrate the purpose...
Application.cfm
---------------
<!---
The following is so that the pages are expired to stop Browsers from
caching the pages
--->
<CFSET dtCache = CreateDate(1995, 1, 1)>
<CFSET CacheDate = DateFormat(dtCache, 'ddd, d mmm YYYY ') &
TimeFormat(dtCache, 'hh:mm:ss ') & "GMT">
<CFHEADER NAME="Expires" VALUE="#CacheDate#">
<CFHEADER NAME="Pragma" VALUE="no-cache">
<CFHEADER NAME="cache-control" VALUE="no-cache, no-store,
must-revalidate,revalidate">
<!---
As you can see I have a DB setup called CFClientVars, this is not
necessary but I do this because I don't want the information in the
registry
--->
<cfapplication sessionmanagement="No" name="test" clientmanagement="Yes"
setclientcookies="Yes" clientstorage="CFClientVars">
<!---
A CF mapping that sits underneath the wwwroot
--->
<cfset Application.CustomTagPath = "/eCustomTags/">
<!---
I have spoken about my methodology, and I always go through the one
template, this is to stop people from trying to guess paths on the
server. Sort of very similar to Fusebox but I think my method works
better...
--->
<cfif GetFileFromPath(GetBaseTemplatePath()) neq "index.cfm">
Hacker Alert...
<cfabort>
</cfif>
<!---
Check the session state, is the user still logged in or not
--->
<cfmodule template="#Application.CustomTagPath#ASSessionStatus.cfm">
ASSessionStatus.cfm
-------------------
<!---
Lets see if we have hit the site before, if we have hit the site before
then lets see if it
is within the desired session time limits.
--->
<!---The following is required because if the variable doesn't exist we
need to create an
empty default version of these....
--->
<cfparam name="Attributes.SessionTimeOut" default=20>
<cfparam name="Client.Username" default="Guest">
<cfparam name="Client.Password" default="Guest">
<cfparam name="Client.LoggedIn" default="0">
<!---
We need to reset the cookie so that when the user closes the browser it
will be expired
--->
<cfcookie name="CFID" value="#Cookie.CFID#">
<cfcookie name="CFToken" value="#Cookie.CFToken#">
<cfif Client.LoggedIn eq 1>
<cfset DatePageHit = now()>
<cfset SessionDifference=DateDiff("n", Client.LastVisit,
DatePageHit)>
<cfif SessionDifference gte Attributes.SessionTimeOut>
<cfset Client.LoggedIn = 0>
<cfset Client.Username="Guest">
<cfset Client.Password="Guest">
<cfelse>
<cfset Client.LoggedIn = 1>
</cfif>
</cfif>
<!----------------------------------------------------------------------
----------->
<!--- Lets now check to see if the user is to be logged in or not --->
<!--- This is also a custom tag that will do the same thing as
cfauthenticate, but because at the time of writing this, unix versions
do not support siteminder this tag sets this up for me.... and does
basically the same thing
What this tag does is return a request scope that I can use for policies
and groups that a user might belong too....
For example it might contain something like this...
Request.AppSecurity.UserGroup = Guest,SuperUser,Admin
Request.AppSecurity.UserLevel = 255
Request.AppSecurity.Username = Admin
Request.AppSecurity.UserPolicy = View
I use the userlevel for different levels if needed, because some sites I
have worked on needed to have different admin levels. I use this, but
you might be able to get away with just the UserPolicy....
--->
<cfmodule template="#Application.CustomTagPath#ASSecure.cfm"
datasource="UserDirectory" Username="#Client.Username#"
Password="#Client.Password#">
index.cfm
---------
<cfif Client.LoggedIn eq 0>
<a href="login.cfm">Log in to system</a>
<cfelse>
<a href="logout.cfm">Log out of system</a>
</cfif>
Login.cfm
---------
<cfset Client.Username="admin">
<cfset Client.Password = "siteminder">
<cflocation url="index.cfm" addtoken="No">
logout.cfm
----------
<cfset Client.Username="Guest">
<cfset Client.Password="Guest">
<cflocation url="index.cfm" addtoken="No">
------------------------------------------------------------------------
--
As you can see this is very straight forward, I don't store anything
more in cookies than I have to, and using the client scope to check the
status of the session time the user has been connected for......
It is very straight forward, if anyone has any queries or can see any
problems then please let me know!
> -----Original Message-----
> From: Kola Oyedeji [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 26 July 2001 7:01 PM
> To: CF-Server
> Subject: RE: Using CFAPP and inactive interfaces...
>
> Hi
>
> Andrew I would be interested. Incidentally as far as i understand,
using
> client variables stored in a database
> means for every page requested there is a trip to the database right?
Isnt
> that very inefficient?
>
> KOla
>
>
> Kola Oyedeji
> Web developer
> Allaire Certified ColdFusion Developer
> http://www.ekeda.com
> 0208-429-7323
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
