whenever it's used, but it's not a big deal either way. I take back what I
said about it purely being a conditional check tag... obviously it does a
little more if you think about it's attributes, but I don't think it's a big
deal one way or the other. The fact that there is no longer an
isAuthenticated() function, as you mention, is a much bigger deal (and it's
re-introduction would put this debate to rest as well).
~Simon
Simon Horwith
CTO, Etrilogy Ltd.
Member of Team Macromedia
Macromedia Certified Instructor
Certified Advanced ColdFusion MX Developer
Certified Flash MX Developer
CFDJList - List Administrator
http://www.how2cf.com/
-----Original Message-----
From: Raymond Camden [mailto:[EMAIL PROTECTED]
Sent: 06 February 2004 17:19
To: CF-Talk
Subject: RE: Another CFLogin issue - Roles
> I guess what I don't understand is why you think <cflogin>
> should not be used as a log-in check. That's exactly what it
> is (and that's all that it is). GetAuthUser(), by
> definition, returns the username of the current user. You
> happen to be able to use both to determine whether or not
> someone is logged-in... I'm not sure whether there's any
> performance difference between the two (I'd think <cflogin>
> would be quicker in determining if someone's logged-in, but
> the difference would never be significant enough to matter
> anyway). So I guess it's really just a personal preference
> thing. I use both... if I'm in the display layer, I like
> <cflogin>. If I'm anywhere else, I generally use
> getAuthUser().... primarily because so much of my code is <cfscript>.
I don't think I quite made my point clear. I'm not saying <cflogin>
shouldn't be used as a login check - obviously you can use it to force
login
when a person isn't logged in. My feeling was that it should not be used
PURELY as a conditional, ie,
<cflogin>
display stuff here for non logged in users
</cflogin>
It should be used as a conditional check for login that _also_ handles the
login of the user, potentially aborting the process. etc.
Obviously a nitpicky difference and something I don't expect others to
agree
with. ;)
So, someone go to the Macromedia forum and request for a "real"
isAuthenticated() function.
Btw - as a side note (I blogged this before so sorry for repeating
myself) -
be careful when writing security related UDFs. As you know, getAuthUser()
returns an empty string if you aren't logged in. You may be tempted to
write
this UDF:
function isAuthenticated() {
return getAuthUser() neq "";
}
However, if you try to call it (there is no bug with just declaring it),
you
get:
Function isAuthenticated is not supported in ColdFusion MX.
Why? IsAuthenticated() was one of the old Advanced Security funcitons. AS
was removed in MX. However, instead of just removing the functions, CF
actually has a "hook" in it so even if you define your own UDF, you can't
call it. (And yes, I've already reported this. :)
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
