Here's my code. I've blocked out some of the LDAP info for security reasons (I'm an auditor, I'm paranoid). The login.cfm script I'm including to do the login has the correct fields in it, and not much else.

<cfapplication name="DashBoard"
               clientmanagement="Yes"
               sessionmanagement="Yes"
               setclientcookies="Yes"
               clientstorage="cookie"
               loginstorage="cookie"
               sessiontimeout="#CreateTimeSpan(0,0,30,0)#">


<!--- Check to see if the application has been initialized. If not, set the
      necessary application variables and initialize the app --->
<cflock timeout="30" throwontimeout="No" type="ReadOnly" scope="Application">
  <cfset IsInitialized = IsDefined('application.Initialized')>
</cflock>            
      <cfset application.StyleSheet1 = "http://global-nav.tsl.telus.com/css/style.css">
      <cfset application.StyleSheet2 = "http://localhost/CFFiles/RM/CommonCode/RMStyle.css">


<cfif not IsInitialized>
  <cflock type="Exclusive" scope="Application" timeout="10">
    <cfif not IsDefined('application.Initialized')>
      <cfset application.DataSource = "RiskManagement">
      <cfset application.AdminEmail = " [EMAIL PROTECTED]">
      <cfset application.Initialized = true>
      <cfset application.Home = "http://localhost/CFFiles/RM/home.htm">
      <cfset application.RMImages = "http://localhost/CFFiles/RM/Images">
      <cfset application.RMSecurity = "http://localhost/CFFiles/RM/Security">
      <cfset application.DashBoard = "http://localhost/CFFiles/RM/DashBoard">
      <cfset application.CommonCode = "http://localhost/CFFiles/RM/CommonCode">
      <cfset application.StyleSheet1 = "http://global-nav.tsl.telus.com/css/style.css">
      <cfset application.StyleSheet2 = "http://localhost/CFFiles/RM/CommonCode/RMStyle.css">
    </cfif>
  </cflock>
</cfif>


<!--- Include global templates --->
<cfinclude template="/CommonCode/MessageHandling.cfm">


<!--- If the user clicked the logout link, log them out --->
<cfif IsDefined("URL.Logout")>
  <!--- Log out the user --->
  <cflogout>
  <cfset msg="Thank you for using the Risk Management Dashboard">
  <cfinclude template="/RMSecurity/login.cfm">
  <cfoutput>
   #MessageHandler(0,"#msg#",0)#
  </cfoutput>
  <cfset StructClear(session)>
  <cfabort>
</cfif>


<!--- Call the CFLOGIN tag. The body is only run if the client is NOT logged in;
  logging in is done using the CFLOGINUSER tag farther down the stack. --->


<cflogin idletimeout="1800" applicationtoken="MyDashboard" cookiedomain="telus.com">
            
<!--- If the cflogin structure does not exist, send the user to the login form. --->
  <cfif not IsDefined("cflogin")>
   <cfoutput>
    <cfinclude template="/RMSecurity/login.cfm">
    </cfoutput>
    <cfabort>
  <cfelse>
  
    <!--- If for some reason username or password is blank, send the user back
          to the login form. --->
    <cfif cflogin.Name is "" or cflogin.Password is "">
       <cfinclude template="/RMSecurity/login.cfm">
       <cfoutput>
      <cfset emsg="You must enter text in both the Username and Password fields.">
   #ErrorMessageHandler("2","#emsg#","None","0",0)#
  </cfoutput>
</cfif>
  
    <!--- Perform the user validation --->
    <cfquery name="ValidateUser" datasource="#application.DataSource#">
        SELECT userId,user,userLastName,userFirstName,lastDateAccessed
        FROM User
        WHERE User = <cfqueryparam value="#cflogin.Name#" cfsqltype="cf_sql_varchar">
    </cfquery>
     
    <!--- If they're not in the user table, they don't have access to the application --->
    <cfif ValidateUser.RecordCount is 0>
  <cfoutput>
        <cfinclude template="/RMSecurity/login.cfm">
   <cfset emsg="You do not have access to this application.">
   #ErrorMessageHandler("0","#emsg#","None","0",0)#
  </cfoutput>
</cfif>
        
  <cfset login_passed = false>


  <!--- get the user dn from the LDAP. If the server is not there an exception is thrown --->
  <cftry>
  <cfldap
   server="xxxxxxxxxx"
   port="389"
   action="query"
   name="qry_ldapuser"
   scope="SUBTREE"
   start="xxxxxxxx"
   filter="uid=#cflogin.Name#"
   attributes = "dn,employeenumber,displayname">
  <cfcatch>
   <cfoutput>
    <cfinclude template="/RMSecurity/login.cfm">
    <cfset emsg="Error connecting to corporate LDAP server. Please try again in a few minutes.">
    #ErrorMessageHandler("0","#emsg#","None","0",0)#
   </cfoutput>
  </cfcatch>
  </cftry>


  <cfif qry_ldapuser.recordcount gt 0>
  <!--- initialize --->
  <cfset login_passed = true>


  <!--- try authenticating against the LDAP with the dn and password --->
  <cftry>
   <cfldap
    server="xxxxxxxx"
    port="636"
    action="query"
    name="qry_ldap"
    scope="SUBTREE"
    start="#qry_ldapuser.dn#"
    username="#qry_ldapuser.dn#"
    password="#cflogin.Password#"
    secure="CFSSL_BASIC,C:\My Documents\ColdFusion\Cert\cert7.db"
    attributes="dn">


   <!--- if there's an error thrown, that means the user/pwd pair failed to authenticate --->
   <cfcatch>
    <cfinclude template="/RMSecurity/login.cfm">
    <cfoutput>
     <cfset emsg="LDAP Id and password don't match.">
     #ErrorMessageHandler("1","#emsg#","None","0",0)#
    </cfoutput>
   </cfcatch>
  </cftry>
  </cfif>
     
    <!--- Get the user's roles --->
    <cfquery name="GetRoles" datasource="#application.DataSource#">
        SELECT privilegeName
        FROM userPrivilege,privilege
        WHERE userPrivilege.userId = #ValidateUser.userId#
        and   userPrivilege.privilegeId = privilege.privilegeId
    </cfquery>
   
    <!--- get privileges and put them into a list. Need to strip off spaces  before doing so. --->
    <cfset privs = ValueList(GetRoles.privilegeName)>
    <cfset privs1 = "">
   
    <CFLOOP Index="LoopCount" From="1" To="#ListLen(privs)#">
     <cfset privs1 = ListAppend(privs1,trim(ListGetAt(privs,LoopCount)))>
    </cfloop>
      
    <cfloginuser name="#cflogin.Name#" password="#cflogin.Password#" roles="#privs1#">
   
    <!--- Create session variables --->
    <cflock name="sLogin_Lock" timeout="30" type="Exclusive">
   <cfset session.addtoken = "cfid=#client.cfid#&cftoken=#client.cftoken#">
       <cfset session.clientInfo = structNew()>
         <cfset session.clientInfo.lastName = ValidateUser.userLastName>
         <cfset session.clientInfo.firstName = ValidateUser.userFirstName>
         <cfset session.clientInfo.lastDateAccessed = ValidateUser.lastDateAccessed>
     </cflock>
        
     <!--- If save username box is checked, set cookie --->
     <cfif IsDefined('form.SaveUsername')>
          <cfcookie name="DashBoardUsername" value="#cflogin.Name#">
     </cfif>
  </cfif>     
</cflogin>

-----Original Message-----
From: Raymond Camden [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 7:54 AM
To: CF-Talk
Subject: RE: cflogin/cflogout

> I've seen lots of discussion on the cflogin issues, but I
> haven't seen a resolution. Sounds like the same problem I'm
> having. It doesn't look like cflogout is clearing the old
> session. Login works fine on initial call - I'm
> authenticating against our LDAP server, then using cflogin
> and cfloginuser. I'm setting up session variables and setting
> my roles. I then logout. When I log back in, I get the same
> session variables and the same roles, even if things have

Note that the use of cflogin/cflogout will do _nothing_ to your session
vars. While it _can_ be stored in the session scope (CFMX 6.1), if you do

<cflogin.....>
<cfset session.foo = 1>

and then

<cflogout>

The value of session.foo will not change.

> changed. To further experiment, I used a StructClear(session)
> to get rid of all my session variables on logout. When I log
> back in, I get no session variables at all - they're built
> within cflogin. The cflogin tag is not executing - I can't
> get any code within that space to run unless I have recycled
> the MX server. I can't get it to output anything to browser.
> So I have to conclude that cflogout is not ending my session
> correctly.

Can you show the code?
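
The authentication sequence from the Application.cfm posted at the top of this message, reduced to one gated path, as an added example that is not part of the original post or of either poster's code. The server names, base DN, `escapeLdapFilter()` and `loginPassed` are placeholders made up for illustration; table and column names follow the posted queries.

```cfml
<!--- Added example. ldap.example.invalid, dc=example,dc=invalid and
      escapeLdapFilter() are hypothetical; adjust to the real directory. --->
<cffunction name="escapeLdapFilter" returntype="string" output="false">
  <cfargument name="value" type="string" required="true">
  <!--- Escape the backslash first, then the other filter metacharacters --->
  <cfset var s = Replace(arguments.value, "\", "\5c", "all")>
  <cfset s = Replace(s, "*", "\2a", "all")>
  <cfset s = Replace(s, "(", "\28", "all")>
  <cfset s = Replace(s, ")", "\29", "all")>
  <cfreturn s>
</cffunction>
<cflogin idletimeout="1800" applicationtoken="MyDashboard">
  <cfset loginPassed = false>
  <!--- An empty password must never reach the bind: some directory servers
        accept DN + empty password as an unauthenticated bind. --->
  <cfif IsDefined("cflogin") and Len(Trim(cflogin.Name)) and Len(cflogin.Password)>
    <cftry>
      <cfquery name="ValidateUser" datasource="#application.DataSource#">
        SELECT userId FROM User
        WHERE User = <cfqueryparam value="#Trim(cflogin.Name)#" cfsqltype="cf_sql_varchar">
      </cfquery>
      <cfldap action="query" name="qryUser" server="ldap.example.invalid" port="389"
              scope="subtree" start="dc=example,dc=invalid" attributes="dn"
              filter="(uid=#escapeLdapFilter(Trim(cflogin.Name))#)">
      <cfif ValidateUser.RecordCount eq 1 and qryUser.RecordCount eq 1>
        <!--- Bind as the user's own DN over SSL; a wrong password throws --->
        <cfldap action="query" name="qryBind" server="ldap.example.invalid" port="636"
                secure="CFSSL_BASIC" scope="base" start="#qryUser.dn#" attributes="dn"
                username="#qryUser.dn#" password="#cflogin.Password#">
        <cfset loginPassed = true>
      </cfif>
      <cfcatch type="any"><cfset loginPassed = false></cfcatch>
    </cftry>
  </cfif>
  <!--- Single gate: nothing below runs unless both lookups and the bind succeeded --->
  <cfif not loginPassed>
    <cfinclude template="/RMSecurity/login.cfm">
    <cfabort>
  </cfif>
  <cfquery name="GetRoles" datasource="#application.DataSource#">
    SELECT privilegeName
    FROM userPrivilege, privilege
    WHERE userPrivilege.userId = <cfqueryparam value="#ValidateUser.userId#" cfsqltype="cf_sql_integer">
      AND userPrivilege.privilegeId = privilege.privilegeId
  </cfquery>
  <cfloginuser name="#cflogin.Name#" password="#cflogin.Password#"
               roles="#ValueList(GetRoles.privilegeName)#">
</cflogin>
```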
