Hi!
I've been reading the posts on session management, and sadly, I am still
utterly confused. What compounds my confusion is the fact that I am using
session management in conjunction with an Oracle stored procedure. I must
admit, I'm over my head here--BIG time.
Scenario: I have several screens that only authorized evaluators should be
able to access. All of these evaluator screens are in a folder called
"eval". Similarly, I have a set of screens that only an assigned
administrator should be able to access. Those screens are kept in a folder
called "admin".
Right now I am focusing only on the evaluator pages. I have created
login.cfm and login_action.cfm. The action page supplies two input
parameters to the stored procedure (userid and password, from the form). It
outputs either a session id or an error: "Bad User ID or Password".
I know that I will need to use an include template on any of the pages that
are to be protected by this password. This is where I get lost.
What exactly do I put in this page? How do I get the sessionid from the
login_action.cfm page to this include page? I know I'll need the
application.cfm file, but I'm not sure what else to put in it other than the
cfapplication tag and its attributes.
Here's what I was given by the dba:
------------------------------------------
"In Summary here are the Functions/Procedures We have to date.
PROC: APP_SECURITY.Create_Session( in_usr , in_pwd , sesid )
Input: in_usr, in_pwd (varchar2)
Output: sesid (varchar2)
Returns (Output): SesID OR 'Bad User ID or Password'
(OK, I GOT THIS PART TO WORK OKAY...login.cfm IS ACTUALLY RETURNING A
SESSION ID)
(THIS STUFF IS ALL GREEK TO ME...I know that these are all functions, but
what the heck do I do with them?
FUNC: APP_SECURITY.Renew_session ( sesid, in_pwd)
Input: sesid, in_pwd (varchar2)
Returns: BOOLEAN TRUE OR FALSE
FUNC: DB_APP_STD.chk_ses ( sesid, valid_hrs)
Input: sesid (varchar2)
valid_hrs (number) <Optional, default is 3 hours>
Returns: Varchar2 'UserID' OR NULL
Try SELECT DB_APP_STD.chk_Sess (sesid, 3) from at_users where userid =
'whateverid'
FUNC: DB_APP_STD.cnv_bl ( chk_val)
Input: chk_val (BOOLEAN)
Returns: Varchar2 'TRUE' OR 'FALSE'
Examples:
To Check Session:
select db_app_std.check_session ( 'SesID')
from dual;
Select will return a varchar2 'UserID' OR Null
To Renew Session:
select db_app_std.cnv_bl(app_security.renew_session (
'SesID','UsrPwd'))
from dual;
Select will return a varchar2 'TRUE'/'FALSE' "
----------------------------------------------------
I am so lost. What do I put where, and what gets passed to what to make
sure the user is logged in? <sigh>
I am feeling like such a dork. I know that the dba literally spelled
everything right out for me, but I need some more help with this one.
Any stored proc/session management gurus out there that care to take some
time out to hand-hold a newbie programmer?
Thanks in advance!
Terri
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
