Hi gang,

I am using a login script in my Application.cfc that authenticates using 
cfntauthenticate to verify username and password, then uses cflogin to 
actually log in to the site.  I use session variables throughout the site 
to determine what users can and can't access.  The problem I am running 
into is with session time outs and trying to login from more than one 
location.  For instance, I have session variables set to time-out after 
1 hour.  However, the user stays logged into the system even after the 
session variables have been trashed, and because of this the site 
generates errors unless they actually pass a ?logout=1 parameter through 
the URL.

On my old site I was not authenticating against an Active Directory, and 
just using queries to verify login credentials.  I had no problems with 
session variables, and if the user was inactive for X number of minutes 
the script would kick them back to the login screen.

How would I do this using cflogin and cfntauthenticate?  Below are 
snippets of my Application.cfc.

Thanks for any help in advance!

----- Application.cfc Snippet -----

<cfcomponent output="false">

<cfset this.name="application">
<cfset this.Sessionmanagement=true>
<cfset this.sessiontimeout="#Createtimespan(0,1,0,0)#">

<cffunction name = "onRequestStart">
<cfargument name = "thisRequest" required="true"/>
<!--- If this page is executing in response to the user clicking a logout link,
        log out the user. The cflogin tag code will then run. --->
<cfif IsDefined("URL.logout") AND URL.logout>
  <cflogout>
  <cflocation url="https://#CGI.SERVER_NAME#/">
</cfif>


<!--- The cflogin body code runs only if a user is not logged in. --->
<cflogin>
<!--- cflogin variable exists only if login credentials are available. --->
<cfif NOT IsDefined("cflogin")>
  <!--- Show a login form that posts back to the page whose request
                    initiated the login, and do not process the rest of this page. --->
  <cfinclude template="login.cfm">
  <cfabort>
  <cfelse>
  <!--- Trim any leading or trailing spaces from the username and password
                    submitted by the form. --->
  <cfset theusername=trim(form.j_username)>
  <cfset thepassword=trim(form.j_password)>
  <cfset thedomain=trim(form.domain)>
  <cfntauthenticate username="#theusername#" password="#thepassword#"
                    domain="#thedomain#" result="authresult" listgroups="yes">
  <!--- authresult.auth is True if the user is authenticated. --->
  <cfif authresult.auth>
   
<!--- Log user in to ColdFusion and set roles to the user's Groups. --->
    <cfloginuser name="#theusername#" password="#thepassword#"
                    roles="#authresult.groups#">
    <!--- Bind the username with cfqueryparam instead of interpolating it into the SQL. --->
    <cfquery datasource="#application.ds#" name="getUser">
    SELECT *
    FROM logins
    WHERE UserName = <cfqueryparam value="#theusername#" cfsqltype="cf_sql_varchar">
    </cfquery>
   
    <!--- if user is authenticated, but does not exist in database, insert them with default data --->
    <cfif getUser.recordcount lt 1>
        <cfquery datasource="#application.ds#" name="insertNewUser">
        INSERT INTO logins (UserName, AccountType, CashRec)
        VALUES (<cfqueryparam value="#theusername#" cfsqltype="cf_sql_varchar">, 1, 0)
        </cfquery>
        <cfquery datasource="#application.ds#" name="getUser2">
        SELECT *
        FROM logins
        WHERE UserName = <cfqueryparam value="#theusername#" cfsqltype="cf_sql_varchar">
        </cfquery>
        <cfset session.auth = structNew()>
        <cfset session.auth.isLoggedIn = "Yes">
        <cfset session.auth.contactID = "#getUser2.ID#">
        <cfset session.auth.AccountType = "#getUser2.AccountType#">
        <cfset session.auth.CashRec = "#getUser2.CashRec#">

    <!--- if user is authenticated and they exist in database, fetch their info --->
    <cfelse>
        <cfset session.auth = structNew()>
        <cfset session.auth.isLoggedIn = "Yes">
        <cfset session.auth.contactID = "#getUser.ID#">
        <cfset session.auth.FirstName = "#getUser.FirstName#">
        <cfset session.auth.LastName = "#getUser.LastName#">
        <cfset session.auth.AccountType = "#getUser.AccountType#">
        <cfset session.auth.OfficeNum = "#getUser.Office#">
        <cfset session.auth.CashRec = "#getUser.CashRec#">
    </cfif>
    <cfelse>
    <!--- The user was not authenticated.
                    Display an error message and the login form. --->
    <cfoutput>
      <cfif authresult.status IS "AuthenticationFailure">
        <!--- The user is valid, but not the password. --->
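        <!--- HTMLEditFormat escapes the submitted username before it is echoed back. --->
        <H2>The password for #HTMLEditFormat(theusername)# is not correct<br>
          Please Try again</H2>
        <cfelse>
        <!--- There is one other status value, invalid user name. --->
        <H2>The user name #HTMLEditFormat(theusername)# is not valid<br>
          Please Try again</H2>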
      </cfif>
    </cfoutput>
    <cfinclude template="loginform.cfm">
    <cfabort>
  </cfif>
</cfif>
</cflogin>


<cfparam name="page" default="includes/defaultbody">
<cfparam name="dir" default="">
<!--- header template --->
<cfinclude template="includes/header.cfm">
<cfreturn true>
</cffunction>
<cffunction name="onRequestEnd" returntype="void" output="true">
<!--- footer template --->
<cfinclude template="includes/footer.cfm">
</cffunction>
</cfcomponent>

-- 
Steve Good
[EMAIL PROTECTED]
Portal Hosting
http://www.lanctr.com


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:279893