<!---
  Application framework settings for the DashBoard application.
  Sessions time out after 30 minutes (CreateTimeSpan(0,0,30,0)).
  Client variables are kept in browser cookies (clientstorage="cookie"), so the
  browser's user can read and change them; keep nothing security-relevant in the
  client scope.
  NOTE(review): with loginstorage="cookie" the cflogin state is tracked in a cookie,
  separately from the session scope, so ending one does not end the other.
--->
<cfapplication
    name="DashBoard"
    sessionmanagement="Yes"
    sessiontimeout="#CreateTimeSpan(0,0,30,0)#"
    clientmanagement="Yes"
    clientstorage="cookie"
    setclientcookies="Yes"
    loginstorage="cookie">
<!---
  One-time application setup. A read-only lock is used to look for the
  application.Initialized flag; if it is missing, an exclusive lock is taken and the
  flag is tested again before the application variables are written, so that only one
  request performs the initialization.
  NOTE(review): every URL value below starts with a space as posted; confirm whether
  that is an artifact of the mail archive before relying on these strings.
--->
<cflock scope="Application" type="ReadOnly" timeout="30" throwontimeout="No">
    <cfset IsInitialized = StructKeyExists(application, "Initialized")>
</cflock>

<!--- These two stylesheet URLs are assigned on every request, outside any lock. --->
<cfset application.StyleSheet1 = " http://global-nav.tsl.telus.com/css/style.css">
<cfset application.StyleSheet2 = " http://localhost/CFFiles/RM/CommonCode/RMStyle.css">

<cfif not IsInitialized>
    <cflock scope="Application" type="Exclusive" timeout="10">
        <!--- Second check under the exclusive lock: another request may have finished first. --->
        <cfif not StructKeyExists(application, "Initialized")>
            <!--- Data source and contact address --->
            <cfset application.DataSource = "RiskManagement">
            <cfset application.AdminEmail = " [EMAIL PROTECTED]">
            <!--- Base URLs of the application areas --->
            <cfset application.Home = " http://localhost/CFFiles/RM/home.htm">
            <cfset application.RMImages = " http://localhost/CFFiles/RM/Images">
            <cfset application.RMSecurity = " http://localhost/CFFiles/RM/Security">
            <cfset application.DashBoard = " http://localhost/CFFiles/RM/DashBoard">
            <cfset application.CommonCode = " http://localhost/CFFiles/RM/CommonCode">
            <!--- Stylesheets --->
            <cfset application.StyleSheet1 = " http://global-nav.tsl.telus.com/css/style.css">
            <cfset application.StyleSheet2 = " http://localhost/CFFiles/RM/CommonCode/RMStyle.css">
            <!--- Mark the application as initialized once everything above is in place. --->
            <cfset application.Initialized = true>
        </cfif>
    </cflock>
</cfif>
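<!--- Include global templates. MessageHandler, called below, is presumably defined
      in this template (not shown here). --->
<cfinclude template="/CommonCode/MessageHandling.cfm">

<!--- If the user clicked the logout link, log them out --->
<cfif IsDefined("URL.Logout")>
    <!--- End the cflogin authentication. --->
    <cflogout>
    <!---
      cflogout does not touch the session scope, so the per-user session values are
      removed here, before anything is rendered. The keys are deleted one at a time
      instead of calling StructClear(session): StructClear would also delete the
      built-in CFID, CFToken, URLToken and SessionID entries of the session scope.
    --->
    <cflock name="sLogin_Lock" timeout="30" type="Exclusive">
        <cfloop list="#StructKeyList(session)#" index="sessionKey">
            <cfif not ListFindNoCase("CFID,CFToken,URLToken,SessionID", sessionKey)>
                <cfset StructDelete(session, sessionKey)>
            </cfif>
        </cfloop>
    </cflock>
    <!--- Show the login form again with a sign-off message, then stop the request. --->
    <cfset msg="Thank you for using the Risk Management Dashboard">
    <cfinclude template="/RMSecurity/login.cfm">
    <cfoutput>
    #MessageHandler(0,"#msg#",0)#
    </cfoutput>
    <cfabort>
</cfif>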
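<!---
  Authentication. The body of CFLOGIN runs only when the client is NOT yet logged in;
  the login itself is established by the CFLOGINUSER tag at the end of the body.

  Flow: require credentials, check the user exists in the application's User table,
  look up the user's DN in the LDAP directory, bind to the directory with that DN and
  the supplied password, load the user's privileges as roles, then log the user in.

  Every failure path shows the login form and then stops the request with CFABORT.
  ErrorMessageHandler comes from a template that is not shown here, so this block does
  not rely on it to stop processing; without the explicit CFABORT a failed check would
  fall through to CFLOGINUSER.

  NOTE(review): cookiedomain="telus.com" scopes the login cookie to the whole domain;
  confirm that every host under it should receive it.
--->
<cflogin idletimeout="1800" applicationtoken="MyDashboard" cookiedomain="telus.com">

    <!--- If the cflogin structure does not exist, send the user to the login form. --->
    <cfif not IsDefined("cflogin")>
        <cfoutput>
        <cfinclude template="/RMSecurity/login.cfm">
        </cfoutput>
        <cfabort>
    </cfif>

    <!--- Username and password must both be present. An empty password must never
          reach the LDAP bind below: some directory servers accept a bind with a DN
          and an empty password as an anonymous bind. --->
    <cfif cflogin.Name is "" or cflogin.Password is "">
        <cfinclude template="/RMSecurity/login.cfm">
        <cfoutput>
        <cfset emsg="You must enter text in both the Username and Password fields.">
        #ErrorMessageHandler("2","#emsg#","None","0",0)#
        </cfoutput>
        <cfabort>
    </cfif>

    <!--- Perform the user validation. The username is passed as a bound parameter
          so that it cannot alter the SQL statement. --->
    <cfquery name="ValidateUser" datasource="#application.DataSource#">
    SELECT userId,user,userLastName,userFirstName,lastDateAccessed
    FROM User
    WHERE User = <cfqueryparam value="#cflogin.Name#" cfsqltype="CF_SQL_VARCHAR">
    </cfquery>

    <!--- If they're not in the user table, they don't have access to the application. --->
    <cfif ValidateUser.RecordCount is 0>
        <cfoutput>
        <cfinclude template="/RMSecurity/login.cfm">
        <cfset emsg="You do not have access to this application.">
        #ErrorMessageHandler("0","#emsg#","None","0",0)#
        </cfoutput>
        <cfabort>
    </cfif>

    <!--- Escape the LDAP filter metacharacters \ * ( ) in the username before it is
          placed in the search filter. The backslash is replaced first so the escapes
          added afterwards are not escaped again. --->
    <cfset ldapUid = Replace(cflogin.Name, "\", "\5c", "all")>
    <cfset ldapUid = Replace(ldapUid, "*", "\2a", "all")>
    <cfset ldapUid = Replace(ldapUid, "(", "\28", "all")>
    <cfset ldapUid = Replace(ldapUid, ")", "\29", "all")>

    <!--- Get the user's DN from the LDAP directory. If the server cannot be reached an
          exception is thrown. This lookup uses port 389 without the secure attribute,
          unlike the bind further down.
          NOTE(review): the posted listing shows the action attribute garbled
          (action=""> name=...); action="query" is a reconstruction, confirm it. --->
    <cfset ldap_lookup_ok = true>
    <cftry>
        <cfldap
            server="xxxxxxxxxx"
            port="389"
            action="query"
            name="qry_ldapuser"
            scope="SUBTREE"
            start="xxxxxxxx"
            filter="uid=#ldapUid#"
            attributes="dn,employeenumber,displayname">
        <cfcatch>
            <cfset ldap_lookup_ok = false>
        </cfcatch>
    </cftry>
    <cfif not ldap_lookup_ok>
        <cfoutput>
        <cfinclude template="/RMSecurity/login.cfm">
        <cfset emsg="Error connecting to corporate LDAP server. Please try again in a few minutes.">
        #ErrorMessageHandler("0","#emsg#","None","0",0)#
        </cfoutput>
        <cfabort>
    </cfif>

    <!--- Authenticate against the LDAP directory with the DN and password. login_passed
          becomes true only after the bind has completed without an exception; a user
          with no directory entry, or a failed bind, leaves it false. --->
    <cfset login_passed = false>
    <cfif qry_ldapuser.recordcount gt 0>
        <cftry>
            <cfldap
                server="xxxxxxxx"
                port="636"
                action="query"
                name="qry_ldap"
                scope="SUBTREE"
                start="#qry_ldapuser.dn#"
                username="#qry_ldapuser.dn#"
                password="#cflogin.Password#"
                secure="CFSSL_BASIC,C:\My Documents\ColdFusion\Cert\cert7.db"
                attributes="dn">
            <cfset login_passed = true>
            <cfcatch>
                <!--- An exception here means the DN/password pair failed to
                      authenticate; login_passed stays false. --->
            </cfcatch>
        </cftry>
    </cfif>
    <cfif not login_passed>
        <cfinclude template="/RMSecurity/login.cfm">
        <cfoutput>
        <cfset emsg="LDAP Id and password don't match.">
        #ErrorMessageHandler("1","#emsg#","None","0",0)#
        </cfoutput>
        <cfabort>
    </cfif>

    <!--- Get the user's roles. userId was used unquoted in the original statement, so
          it is bound as an integer here; adjust the type if the column differs. --->
    <cfquery name="GetRoles" datasource="#application.DataSource#">
    SELECT privilegeName
    FROM userPrivilege,privilege
    WHERE userPrivilege.userId = <cfqueryparam value="#ValidateUser.userId#" cfsqltype="CF_SQL_INTEGER">
    and userPrivilege.privilegeId = privilege.privilegeId
    </cfquery>

    <!--- Put the privileges into a list, stripping surrounding spaces from each one. --->
    <cfset privs = ValueList(GetRoles.privilegeName)>
    <cfset privs1 = "">
    <cfloop index="LoopCount" from="1" to="#ListLen(privs)#">
        <cfset privs1 = ListAppend(privs1, Trim(ListGetAt(privs, LoopCount)))>
    </cfloop>

    <!--- Only reached after the directory bind succeeded. --->
    <cfloginuser name="#cflogin.Name#" password="#cflogin.Password#" roles="#privs1#">

    <!--- Create session variables.
          NOTE(review): session.addtoken holds the CFID/CFTOKEN pair in query-string
          form; appending it to links exposes those identifiers in URLs, logs and
          Referer headers. --->
    <cflock name="sLogin_Lock" timeout="30" type="Exclusive">
        <cfset session.addtoken = "cfid=#client.cfid#&cftoken=#client.cftoken#">
        <cfset session.clientInfo = structNew()>
        <cfset session.clientInfo.lastName = ValidateUser.userLastName>
        <cfset session.clientInfo.firstName = ValidateUser.userFirstName>
        <cfset session.clientInfo.lastDateAccessed = ValidateUser.lastDateAccessed>
    </cflock>

    <!--- If the save-username box is checked, set a cookie with the username. The
          cookie value comes back from the browser, so whatever reads it later should
          treat it as untrusted input. --->
    <cfif IsDefined('form.SaveUsername')>
        <cfcookie name="DashBoardUsername" value="#cflogin.Name#">
    </cfif>
</cflogin>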
-----Original Message-----
From: Raymond Camden [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 7:54 AM
To: CF-Talk
Subject: RE: cflogin/cflogout
> I've seen lots of discussion on the cflogin issues, but I
> haven't seen a resolution. Sounds like the same problem I'm
> having. It doesn't look like cflogout is clearing the old
> session. Login works fine on initial call - I'm
> authenticating against our LDAP server, then using cflogin
> and cfloginuser. I'm setting up session variables and setting
> my roles. I then logout. When I log back in, I get the same
> session variables and the same roles, even if things have
Note that using cflogin/cflogout will do _nothing_ to your session
vars. While the login information _can_ be stored in the session scope (CFMX 6.1), if you
do
<cflogin.....>
<cfset session.foo = 1>
and then
<cflogout>
The value of session.foo will not change.
> changed. To further experiment, I used a StructClear(session)
> to get rid of all my session variables on logout. When I log
> back in, I get no session variables at all - they're built
> within cflogin. The cflogin tag is not executing - I can't
> get any code within that space to run unless I have recycled
> the MX server. I can't get it to output anything to browser.
> So I have to conclude that cflogout is not ending my session
> correctly.
Can you show the code?

