Just to complete this thread, since it's been linked to by several folks:
One customer in particular had issues and we walked them through their code
issues. In particular, the following problems were found that prevented
CFLOGIN working in a clustered environment:
- There are nested cflogin tags.
Resolution: Remove the cflogin code in login.cfm
- CFLoginUser is not executed in onRequestStart.
Resolution: do user validation in onRequestStart instead of in login.cfm
- Checking a session variable (which is replicated in a cluster) to decide if
login code should be executed.
Resolution: Don't do this; always check if the cflogin scope exists (see docs
and sample code).
Here is some example code, note that this is onRequest, not onRequestStart.
Either will work.
<cffunction name="onRequest">
    <!--- ColdFusion passes the requested page path as the first argument --->
    <cfargument name="url" type="string" required="true">
    <cflogin>
        <cfif not isDefined("cflogin.name") and not isDefined("cflogin.password")>
            <!--- no credentials in the cflogin scope yet: show the login form --->
            <cfinclude template="login.cfm">
            <cfreturn />
        <cfelse>
            <!--- we have the user credentials, so let's reAuthenticate and get the
                  roles for this user and set permissions for this instance of the
                  server. --->
            <cfquery name="qAuth" datasource="#request.dsn#">
                select u.userid
                from users u
                where username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#cflogin.name#">
                and password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#cflogin.password#">
            </cfquery>
            <cfif qAuth.recordCount eq 0>
                <!--- credentials did not match a user: show the login form again --->
                <cfinclude template="login.cfm">
                <cfreturn />
            <cfelse>
                <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="Administrator">
                <!--- if the login is good, include the requested template --->
                <cfinclude template="#arguments.url#">
                <cfreturn />
            </cfif>
        </cfif>
    </cflogin>
</cffunction>
For more sample CFLOGIN code, see the CF Developers Guide:
http://livedocs.macromedia.com/coldfusion/7/htmldocs/00001181.htm
HTH
Damon
>On 3/23/06, wolf2k5 <[EMAIL PROTECTED]> wrote:
>> But I still wonder why the cflogin cookie includes the full login info
>> (username/password base64 encoded), what does it need to then?
>
>I stand corrected again!
>
>I did further testing and the cflogin/cfloginuser code will
>automatically login the user on the second server if the user has the
>cflogin cookie from the first server.
>
>It looks like using cflogin (set to use cookies) correctly will work
>for my setup with multiple servers not clustered, even if it's not very
>secure (since the cookie includes the username/password).
>
>Regards.