<.YEX.>
<)))><
-----Original Message-----
From: Hagan, Ryan Mr (Contractor ACI) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 11:10 AM
To: CF-Talk
Subject: RE: Problems logging a user in properly
Make sure you've started session management has been turned on for the
application.
Do this by setting "sessionmanagement" and "sessiontimeout" vars in your
<cfapplication> tag:
<cfapplication name="myApp" sessionmanagement="yes"
sessiontimeout="#createtimespan(0,1,0,0)#">
-----Original Message-----
From: Yexley Robert D Contr AFRL/PROE [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004 11:05 AM
To: CF-Talk
Subject: Problems logging a user in properly
According to everything I've read in the documentation, on the ColdFusion
Support forums, and elsewhere on the web, what I'm trying to do *should*
work fine, but it's not. Any help/ideas would be greatly appreciated.
I'm attempting to validate the user that's trying to access my application
by evaluating the username that they're logged into the network as using
CGI.remote_user. The first thing I do is I put a check in Application.cfm
(so that this gets checked on every page access) that looks like this:
<cfif not isDefined("SESSION.loggedIn")>
<cflocation url="" addToken="No" />
</cfif>
Now, what that's telling me, is that it *should*, on every page accessed,
check to see if a session variable called loggedIn exists, and if it
doesn't, redirect the user to sessionStart.cfm which will evaluate their
username using CGI.username, use that to query the database to see if
they're in a table that has a record for each user that should have access
to the application. If their username is not found in the database, they're
redirected to accessDenied.cfm, which simply informs them that they are not
allowed access to the application. If their username *is* found, then it
sets some session variables for their session, including and especially one
called SESSION.loggedIn, and then redirects them back to the default page
for the application to get them started. My code in sessionStart.cfm looks
like this:
<cfset loggedInUser = "#ucase(right(CGI.remote_user, len(CGI.remote_user) -
find("\", CGI.remote_user)))#">
<cfquery
name="checkAuth"
dataSource=#dataSource#>
SELECT count(*) xists
FROM my_users_table
WHERE upper(username) = upper('#loggedInUser#')
</cfquery>
<cfset isAuthorized = #checkAuth.xists#>
<cfif isAuthorized eq 0>
<cflocation url="" addToken="No" />
<cfelse>
<cfquery
name="getUserRole"
dataSource=#dataSource#>
SELECT role
FROM my_users_table
WHERE upper(username) = upper('#loggedInUser#')
</cfquery>
<cfset SESSION.loggedIn = "true">
<cfset SESSION.username = "#loggedInUser#">
<cfset SESSION.role = "#getUserRole.role#">
<cflocation url="" addToken="No" />
</cfif>
Problem is, it's not working. For the longest time I was getting some stupid
redirect loop happening, and I can't even remember what I did to stop that,
but it's not doing that anymore. Now, whenever I try to access the default
page to start a new session, I simply get a blank page - unhandled
exception/error or something like that, because I get an e-mail sent to me
from the ColdFusion administrator informing me that "Element USERNAME is
undefined in SESSION." I don't get it. This *should* be working, but nothing
I try or change or do is making it work. What am I doing wrong? Doesn't what
I've done here make sense? I've walked through the code line by line and
desk-checked it 20 times, and it makes sense to me. I'm obviously missing
something, what is it?
<.YEX.>
/*
|| Robert D. Yexley
|| Oracle Programmer/Analyst
|| Northrop Grumman IT
|| Contractor - Wright Research Site MIS
|| Det-1 AFRL/WSI Bldg. 45 Rm. 062
|| Commercial: 937.255.1984
|| DSN: 785.1984
|| [EMAIL PROTECTED]
|| <)))><
*/
_____
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
