When a client logs in assuming that they have the right password and
username. (This authentication should be done in the application.cfm file)
If the login is correct set a session variable. The session timeout will
kill the session variable after 20 minutes. So you might do this.
<CFIF #queryname.Recordcount# IS 1> One record was returned so they pass
the DB authentication
<CFSET #session.IsLoggedIn = "yes">
<CFELSE>
<CFSET #session.IsLoggedIn = "no">
</CFIF>
That is very basic and there are other factors to consider like sending them
to the proper template if they are right or wrong setting other variable etc
but that should give you the basic idea.
Now for the code to protect the other pages.
<CFIF NOT IsDefined("session.IsLogedIn")>
<CFSET #session.IsLogedIn# = "no">
</CFIF>
<CFIF #session.IsLogedIn# IS "no">
send them back to the login page
</CFIF>
That is rough but it should give you an idea.
----- Original Message -----
From: "Mike Deane" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 04, 2000 11:54 AM
Subject: RE: Going right past the login screen
> I have a client CFID and CFTOKEN written to a database. I have no code,
> presently, to manipulate the session variables, only a timeout set to 20
> minutes (in the application.cfm) that seems to have no effect
> whatsoever. Why to I set a session timeout if it doesn't do anything?
> How do I MAKE the session timeout?
>
> Your solution. Do I need to explicitly write a session variable to a
> field in the database? Please give me a little me insight about this
> IsLoggedIn scenario.
>
> Thank you.
> /mdeane
>
> -----Original Message-----
> From: Kevin Schmidt [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 04, 2000 12:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Going right past the login screen
>
>
> Do you have any security features? Are you logging them in against a
> database? If you are using a DB set a session variable like IsLogedIn
> and
> set it to yes when they are logged in or default set it to no. You can
> check against that variable and redirect to the login page if the the
> variable is no.
> ----- Original Message -----
> From: "Mike Deane" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, August 04, 2000 10:03 AM
> Subject: Going right past the login screen
>
>
> > My user can login, then close the browser and return to the page past
> > the login screen (bookmark). What gives, how do I prevent this?
> >
> > Thanks.
> > /mdeane
> >
> ------------------------------------------------------------------------
> --
> ----
> > Archives: http://www.mail-archive.com/[email protected]/
> > To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk
> or
> send a message to [EMAIL PROTECTED] with 'unsubscribe'
> in
> the body.
> >
>
> ------------------------------------------------------------------------
> ------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk
> or send a message to [EMAIL PROTECTED] with
> 'unsubscribe' in the body.
> --------------------------------------------------------------------------
----
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
>
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
