The way I deal with this is to use a CFC that stays in the session
scope. However, I usually don't use the CFLOGIN framework, and my
answers may reflect this, but I image you could adapt it pretty
quickly.
My opinions on the two questions:
1. Yup, I'd validate the result of the query inside the CFC
itself....leading to...
2. I'd place the CFLOGIN code after the query inside the CFC. I'd
first CFLOGOUT the person regardless, and I'd return whether or not it
was a valid login as a boolean. Sorta like this:
<cffunction access="public" returnType="boolean" name="authenticate">
<cfargument name="username" required="true" type="string">
<cfargument name="password" required="true" type="string">
<cfset var tmpQuery = "">
<cflogout>
<cfquery datasource="#instance.dsn#" name="tmpQuery">
SELECT userId FROM users WHERE ....<!--- you know the drill --->
</cfquery>
<cfif tmpQuery.recordCount eq 1>
<cflogin...>
<cfreturn true>
<cfelse>
<cfreturn false>
</cfif>
</cffunction>
-joe
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]

