Oh hey, I think I know what you may be seeing. Are you already logged
on? What do you see if you output getAuthuser()? Remember that the code
INSIDE cflogin is only run if you are not logged in.

===========================================================================
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
(www.mindseye.com)
Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia)

Email    : [EMAIL PROTECTED]
Blog     : www.camdenfamily.com/morpheus/blog
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda 

> -----Original Message-----
> From: Jeff [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, July 10, 2003 8:22 AM
> To: CF-Talk
> Subject: Re: [cflogin] My Symptoms and my application.cfm code...
> 
> 
> on 7/10/03 10:11 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
> 
> > I'd see Thomas' reply on storing the hashed version of the password.
> > This is better than my method. As for the mechanics of the cookie, you
> > can either store one cookie, and then simply say the first 50 chars
> > are username, the rest password, or use two passwords. I like to be
> > anal, so if I am storing a sensitive piece of info, I won't use an
> > obvious cookie name. You can also do stuff like:
> > 
> > Take username, pad it to 50 characters, add hashed password, reverse
> > the entire string. Etc.
> > 
> > It won't stop the determined hacker, but it will stop a script kiddie
> > most likely.
> > 
> 
> Well, I added everything youse guys have said so far, and I'm 
> sure it will work, but I still don't get redirected to my 
> login page when I try to access my admin directory with not a 
> cookie in sight, and not coming from the login form. I'm 
> sticking little flag variables in places that look suspicious 
> and I'm trying to redirect that way.
> 
> Even odder, in the top of each page template (I know I know, 
> it could go in the application.cfm, but not all pages need to 
> be protected) I put a couple of lines of code that read:
> 
> <cfif GetAuthUser() EQ "">
>     <cflocation url="login.cfm">
> </cfif>
> 
> So at the very least, when I try to access ".../admin/" and 
> my default doc is 'index.cfm' and I've got that little line 
> of code in, and I clear all my cookies, I should AT LEAST be 
> going to the login page just from that little bit of code there...
> 
> <belushi>"but noooooooo..."</belushi>
> 
> 
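
Added example, not part of the original thread or either poster's code: an Application.cfm sketch of the behaviour discussed above, where the body of cflogin runs only for requests with no logged-in user, plus a way to inspect GetAuthUser() and clear a stale login. The application name, the `logout` URL parameter, the demo user and the demo password are constructed placeholders; login.cfm is assumed to sit beside Application.cfm and to post fields named j_username and j_password.

```cfml
<!--- Application.cfm: added example, not code from the thread.
      The application name, demo user and demo password are constructed placeholders. --->
<cfapplication name="adminDemo" sessionmanagement="yes">

<!--- Explicit logout hook so a stale login can be cleared while debugging. --->
<cfif IsDefined("url.logout")>
    <cflogout>
</cfif>

<cflogin>
    <!--- This body is skipped entirely when a user is already logged in,
          so nothing in here can redirect an authenticated request. --->
    <cfif NOT IsDefined("cflogin")>
        <!--- No credentials were submitted: show the form and stop the request.
              Including the form instead of using cflocation avoids a redirect
              loop, because login.cfm would also run this Application.cfm. --->
        <cfinclude template="login.cfm">
        <cfabort>
    </cfif>

    <!--- cflogin.name and cflogin.password come from form fields named
          j_username and j_password. Placeholder check: swap in a real lookup. --->
    <cfset storedHash = Hash("constructed-demo-password")>
    <cfif cflogin.name EQ "demo-user" AND Hash(cflogin.password) EQ storedHash>
        <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="admin">
    <cfelse>
        <cfinclude template="login.cfm">
        <cfabort>
    </cfif>
</cflogin>

<!--- Diagnostic: an empty value means nobody is logged in for this request. --->
<cfoutput><!-- GetAuthUser() = [#HTMLEditFormat(GetAuthUser())#] --></cfoutput>
```

If the diagnostic comment in the page source shows a user name on a request that was expected to be anonymous, the cflogin body was skipped for that request; requesting any page with `?logout=1` clears the login so the block runs again.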