According to everything I've read in the documentation, on the ColdFusion Support forums, and elsewhere on the web, what I'm trying to do *should* work fine, but it's not. Any help/ideas would be greatly appreciated.

I'm attempting to validate the user that's trying to access my application by evaluating the username that they're logged into the network as using CGI.remote_user. The first thing I do is I put a check in Application.cfm (so that this gets checked on every page access) that looks like this:

<cfif not isDefined("SESSION.loggedIn")>
    <cflocation url="" addToken="No" />
</cfif>

Now, what that's telling me, is that it *should*, on every page accessed, check to see if a session variable called loggedIn exists, and if it doesn't, redirect the user to sessionStart.cfm which will evaluate their username using CGI.username, use that to query the database to see if they're in a table that has a record for each user that should have access to the application. If their username is not found in the database, they're redirected to accessDenied.cfm, which simply informs them that they are not allowed access to the application. If their username *is* found, then it sets some session variables for their session, including and especially one called SESSION.loggedIn, and then redirects them back to the default page for the application to get them started. My code in sessionStart.cfm looks like this:

<cfset loggedInUser = "#ucase(right(CGI.remote_user, len(CGI.remote_user) - find("\", CGI.remote_user)))#">
<cfquery
    name="checkAuth"
    dataSource=#dataSource#>
    SELECT count(*) xists
    FROM my_users_table
    WHERE upper(username) = upper('#loggedInUser#')
</cfquery>
<cfset isAuthorized = #checkAuth.xists#>
<cfif isAuthorized eq 0>
    <cflocation url="" addToken="No" />
<cfelse>
    <cfquery
        name="getUserRole"
        dataSource=#dataSource#>
        SELECT role
        FROM my_users_table
        WHERE upper(username) = upper('#loggedInUser#')
    </cfquery>
    <cfset SESSION.loggedIn = "true">
    <cfset SESSION.username = "#loggedInUser#">
    <cfset SESSION.role = "#getUserRole.role#">
    <cflocation url="" addToken="No" />
</cfif>

Problem is, it's not working. For the longest time I was getting some stupid redirect loop happening, and I can't even remember what I did to stop that, but it's not doing that anymore. Now, whenever I try to access the default page to start a new session, I simply get a blank page - unhandled exception/error or something like that, because I get an e-mail sent to me from the ColdFusion administrator informing me that "Element USERNAME is undefined in SESSION." I don't get it. This *should* be working, but nothing I try or change or do is making it work. What am I doing wrong? Doesn't what I've done here make sense? I've walked through the code line by line and desk-checked it 20 times, and it makes sense to me. I'm obviously missing something, what is it?

<.YEX.>

/*
|| Robert D. Yexley
|| Oracle Programmer/Analyst
|| Northrop Grumman IT
|| Contractor - Wright Research Site MIS
|| Det-1 AFRL/WSI Bldg. 45 Rm. 062
|| Commercial: 937.255.1984
|| DSN: 785.1984
|| [EMAIL PROTECTED]
|| <)))><
*/
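
An added example, not part of the original post: Application.cfm also runs for sessionStart.cfm and accessDenied.cfm, so a session guard has to exempt the pages it redirects to; the sketch below does that, binds the server-supplied username with cfqueryparam, and sets SESSION.loggedIn only after the other session values exist. The application name `myApp` and the landing page `index.cfm` are assumptions; the other file, table, and variable names come from the post.

```cfml
<!--- ===== Application.cfm: runs before every .cfm request, sessionStart.cfm included ===== --->
<!--- "myApp" is an assumed application name --->
<cfapplication name="myApp" sessionManagement="Yes"
               sessionTimeout="#createTimeSpan(0, 0, 30, 0)#">

<!--- Pages that must stay reachable without a session; otherwise the guard redirects to itself --->
<cfset openPages = "sessionStart.cfm,accessDenied.cfm">
<cfset currentPage = listLast(CGI.script_name, "/")>

<cfif not structKeyExists(SESSION, "loggedIn")
      and not listFindNoCase(openPages, currentPage)>
    <cflocation url="sessionStart.cfm" addToken="No">
</cfif>

<!--- ===== sessionStart.cfm ===== --->
<!--- Drop an optional DOMAIN\ prefix from the name the web server authenticated --->
<cfset loggedInUser = uCase(listLast(CGI.remote_user, "\"))>

<cfif not len(loggedInUser)>
    <!--- The web server did not authenticate this request: fail closed --->
    <cflocation url="accessDenied.cfm" addToken="No">
</cfif>

<!--- One parameterized lookup answers both "is this user listed?" and "what role?" --->
<cfquery name="getUser" dataSource="#dataSource#">
    SELECT role
    FROM my_users_table
    WHERE upper(username) = <cfqueryparam value="#loggedInUser#" cfsqltype="cf_sql_varchar">
</cfquery>

<cfif getUser.recordCount neq 1>
    <cflocation url="accessDenied.cfm" addToken="No">
<cfelse>
    <cflock scope="Session" type="exclusive" timeout="5">
        <cfset SESSION.username = loggedInUser>
        <cfset SESSION.role = getUser.role>
        <!--- Set the flag the guard tests last, so it never exists without the values above --->
        <cfset SESSION.loggedIn = true>
    </cflock>
    <!--- index.cfm is an assumed default page --->
    <cflocation url="index.cfm" addToken="No">
</cfif>
```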