Well, I posted a message here about a month or two ago that didn't get
much play, and then I proxied my message to the CFGURU list through
another member there. You tried valiantly to help there, but the end
result was me giving up in frustration.
I find that it is EXTREMELY difficult to summarize the problem in
print. Everybody's first reaction is that I'm doing something wrong
(which I am open to, except that the specific things that have been
mentioned I haven't done wrong), or that I don't understand how cflogin
and the cflogin scope works, or that I don't delete the right cookies,
or that I'm running cflogout at the wrong time. Charlie Arehart
actually came by to visit me and see my problem in person. He hung
around for four hours and the most we got accomplished was sort of
agreeing on what was going wrong behind the scenes.
I'll try to summarize it though.
When my users pass server authentication, I run a query to see if the
auth_user is in my database (using cflogin.name to do so). If they
are, I set some session variables and use cfloginuser to set their
roles. If they are not, I display a "you failed" template. When they
log out, I delete the session variables and the specific cflogin cookie
set by cfmx.
I am aware that after they log out the auth_user is still being passed
by the browser.
What I found going wrong is that when the idletimeout was set to
anything other than 1, I could not log in a new user... even if I
closed the browser and entered in brand new information in the server
prompt. In my application.cfm I transfer my session variables to
request variables and these lines of code would throw an error...
because the session variables were never set.
But.
If my idletimeout was set to something "normal" like say 500 seconds,
and after logout I closed my browser, entered brand new information in
the server prompt and the user was not located in my database, they
would see the "you failed" template as expected.
This was very confusing, because if they could see the "you failed"
template, there was no reason why the session variables wouldn't be
set... it was all happening in the same block of code. It's one simple
<if> statement, you see? The <else> condition worked perfectly when the
original <if> condition obviously did not.
Again, I only see this problem when the idletimeout attribute of
cflogin is set greater than 1. If I set the cflogin timeout to just 1,
my flow works like I expect. Of course, the problem then is that my
login authorization is happening every time that a user requests a page.
I'm posting the code ('cause I know someone's gonna ask). I hope it
shows up. And yes, I did pretty much take my structure from the docs
on cflogin.
<!--- Process the logout --->
<cfif isdefined("url.logout") or isdefined("form.logout")>
    <!--- Clear additional information. The cookies probably don't need to go. --->
    <cfcookie name="CFAUTHORIZATION_CAER" expires="now">
    <cfcookie name="CFID" value="" expires="now">
    <cfcookie name="CFTOKEN" value="" expires="now">
    <cfcookie name="JSESSIONID" value="" expires="now">
    <cfset structclear(session)>
    <cflogout>
</cfif>