Application.cfm. When you load sessionStart.cfm, the application.cfm
code gets run, and you cflocation to sessionStart, where the
application.cfm code gets run, and you cflocation.......
Whatever you did to "fix" the loop may have broken something, either so
that it never cflocations, or so that when the session variables are
created they aren't associated with that application.
HTH.
--Ben Doom
Yexley Robert D Contr AFRL/PROE wrote:
> According to everything I've read in the documentation, on the
> ColdFusion Support forums, and elsewhere on the web, what I'm trying to
> do *should* work fine, but it's not. Any help/ideas would be greatly
> appreciated.
>
> I'm attempting to validate the user that's trying to access my
> application by evaluating the username that they're logged into the
> network as using CGI.remote_user. The first thing I do is I put a check
> in Application.cfm (so that this gets checked on every page access) that
> looks like this:
>
> <cfif not isDefined("SESSION.loggedIn")>
> <cflocation url="" addToken="No" />
> </cfif>
>
> Now, what that's telling me, is that it *should*, on every page
> accessed, check to see if a session variable called loggedIn exists, and
> if it doesn't, redirect the user to sessionStart.cfm which will evaluate
> their username using CGI.username, use that to query the database to see
> if they're in a table that has a record for each user that should have
> access to the application. If their username is not found in the
> database, they're redirected to accessDenied.cfm, which simply informs
> them that they are not allowed access to the application. If their
> username *is* found, then it sets some session variables for their
> session, including and especially one called SESSION.loggedIn, and then
> redirects them back to the default page for the application to get them
> started. My code in sessionStart.cfm looks like this:
>
> <cfset loggedInUser = "#ucase(right(CGI.remote_user,
> len(CGI.remote_user) - find("\", CGI.remote_user)))#">
> <cfquery
> name="checkAuth"
> dataSource=#dataSource#>
> SELECT count(*) xists
> FROM my_users_table
> WHERE upper(username) = upper('#loggedInUser#')
> </cfquery>
> <cfset isAuthorized = #checkAuth.xists#>
> <cfif isAuthorized eq 0>
> <cflocation url="" addToken="No" />
> <cfelse>
> <cfquery
> name="getUserRole"
> dataSource=#dataSource#>
> SELECT role
> FROM my_users_table
> WHERE upper(username) = upper('#loggedInUser#')
> </cfquery>
> <cfset SESSION.loggedIn = "true">
> <cfset SESSION.username = "#loggedInUser#">
> <cfset SESSION.role = "#getUserRole.role#">
> <cflocation url="" addToken="No" />
> </cfif>
>
> Problem is, it's not working. For the longest time I was getting some
> stupid redirect loop happening, and I can't even remember what I did to
> stop that, but it's not doing that anymore. Now, whenever I try to
> access the default page to start a new session, I simply get a blank
> page - unhandled exception/error or something like that, because I get
> an e-mail sent to me from the ColdFusion administrator informing me that
> "Element USERNAME is undefined in SESSION." I don't get it. This
> *should* be working, but nothing I try or change or do is making it
> work. What am I doing wrong? Doesn't what I've done here make sense?
> I've walked through the code line by line and desk-checked it 20 times,
> and it makes sense to me. I'm obviously missing something, what is it?
>
> <.YEX.>
>
> /*
> || Robert D. Yexley
> || Oracle Programmer/Analyst
> || Northrop Grumman IT
> || Contractor - Wright Research Site MIS
> || Det-1 AFRL/WSI Bldg. 45 Rm. 062
> || Commercial: 937.255.1984
> || DSN: 785.1984
> || [EMAIL PROTECTED]
> || <)))><
> */
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
