When you are testing the system and you are on the 'login' page for the second time, are you able to type the name of a login protected page into the url and view it? In other words, when you are looking at the login page are you actually already logged in, or does the system still see you as logged out?
-- William E. Seiter Have you ever read a book that changed your life? Go to: www.winninginthemargins.com Enter passkey: goldengrove Web Developer / ColdFusion Programmer http://William.Seiter.com -----Original Message----- From: Steve Durette [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 4:09 AM To: CF-Talk Subject: Strange happenings in a login. CFMX 6.1 Sorry if this double posts, but I sent it yesterday and it never made it to the list. All, I have a really weird thing happening with a login that I have for a site I have built. This site is on a server I don't control, I don't have access to CFA. Here is what happens. When I go to the site, the Application.cfm detects that a session variable isn't created or is empty and sends the site to the login screen. This works fine. What happens is, I log in, then the login screen comes back. I have to login again to get to the site. The really weird thing is that I have some code in OnRequestEnd.cfm that displays a bunch of cfdumps if the logged in user is my id. When the login page comes up the second time, it has all of the cfdump info. That makes me think that I'm logged in, but something else is going wrong. Can anyone see anything below? I can't find the problem and I've been looking at it for 3 days. By the way, it doesn't do this on my development box. Here are the relevant code snippets. (Note, I've tried Session, Client, and Request variables and it all happens the same). ----------------------- /PowerCo/Application.cfm ----------------------- <cfapplication name="PowerCoCERM" applicationtimeout="#CreateTimeSpan("0", "0", "45", "0")#" sessiontimeout="#CreateTimeSpan("0", "0", "45", "0")#" sessionmanagement="YES" clientmanagement="Yes" setclientcookies="Yes"> <cfparam name="Variables.inLogin" default="false" type="boolean" /> <!--- Create the User info Session variable ---> <cfif not StructKeyExists(Session, "LoggedIn")> <cflock scope="Session" type="EXCLUSIVE" timeout="1"> <cfset Session.loggedIn = false /> </cflock> </cfif> <cfif not structKeyExists(Session,"UserInfo")> <cflock name="Session.UserInfo" type="Exclusive" timeout="1"> <cfset Session.UserInfo = structNew() /> </cflock> <cfinclude template="login\resetSession.cfm" /> </cfif> <!--- Create the Request and Client versions of the LoggedIn variable ---> <cfif not isDefined("Request.LoggedIn")> <cfset Request.LoggedIn = false /> </cfif> <cfif not isDefined("Client.LoggedIn")> <cfset Client.LoggedIn = false /> </cfif> <!--- Create the necessary Application Variables. ---> <cfif not structKeyExists(Application, "rootURL")> <cflock name="Application.rootURL" type="exclusive" timeout="1"> <cfset Application.rootURL = "https://"; & cgi.HTTP_HOST & "/PowerCo/" /> </cflock> </cfif> <!--- Check if the person is logged in ---> <cfif (not Session.LoggedIn) and (not client.LoggedIn) and (not request.LoggedIn)> <cfif not Variables.inLogin> <!--- <h1>Something went wrong!</h1> ---> <cflocation addtoken="true" url="#Application.rootURL#login/login.cfm" /> </cfif> </cfif> --------------------- /PowerCo/login/Application.cfm --------------------- <cfsilent> <cfset Variables.inLogin = true /> <cfset Variables.pageTitle = "Login" /> </cfsilent> <cfif isDefined("Session.loggedIn") and Session.loggedIn> <cflocation addtoken="No" url="/PowerCo/main.cfm" /> </cfif> <cfinclude template="..\Application.cfm" /> ---------------------- /PowerCo/login/login.cfm ---------------------- <h2>Login</h2> <form action="login_action.cfm" method="post"> <table id="login" class="table-style"> <tr> <th colspan="2" style="text-align: center;"><h5 class="gray">Please log in</h5></th> </tr> <tr> <th>User ID:</th> <td><input name="userId" type="text" id="userId" /></td> </tr> <tr> <th>Password:</th> <td><input name="userPass" type="password" id="userPass" /></td> </tr> <tr> <td colspan="2" style="text-align: center;"><input type="submit" name="Submit" value="Submit" /></td> </tr> </table> <p align="center"> <a href="forgotpassword.cfm">Forgot Password</a> | <a href="requestlogin.cfm">Request Access</a> </p> </form> ------------------------ /PowerCo/login/login_action.cfm ------------------------ <cfparam name="form.userId" default="" type="string" /> <cfparam name="form.userPass" default="" type="string" /> <cfparam name="Variables.myRedirect" default="" type="string" /> <cfset Variables.userPass = "" /> <cfif len(form.userPass)> <cfset Variables.userPass = urlEncodedFormat(encrypt(form.userPass, Application.encryptKey)) /> </cfif> <cfinclude template="resetSession.cfm" /> <cfquery name="checkUser" datasource="#Application.dataSource#"> select [users_id] userId from [users] where [email_address] = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.userId#" /> and [user_password] = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Variables.userPass#" /> and [disabled] = 0; </cfquery> <cfif checkUser.recordCount> <cfquery name="getUserInfo" datasource="#Application.dataSource#"> select [first_name] ,[email_address] email ,[useradmin] ,[user_password] ,[tbl_power_co_users_id] [userId] from [users] where [disabled] = 0 and [users_id] = <cfqueryparam cfsqltype="cf_sql_integer" value="#checkUser.userId[1]#" /> </cfquery> <cfif getUserInfo.recordCount> <cfset Request.LoggedIn = true /> <cfset Client.LoggedIn = true /> <cflock name="Session.LoggedIn" type="EXCLUSIVE" timeout="1"> <cfset Session.LoggedIn = true /> </cflock> <cflock name="Session.UserInfo" type="exclusive" timeout="1"> <cfset Session.UserInfo.userId = Variables.getUserInfo.userId[1] /> <cfset Session.UserInfo.firstName = Variables.getUserInfo.first_name[1] /> <cfset Session.UserInfo.email = Variables.getUserInfo.email[1] /> <cfset Session.UserInfo.useradmin = Variables.getUserInfo.useradmin[1] /> <cfset Session.UserInfo.encryptPswd = Variables.getUserInfo.user_password[1] /> </cflock> </cfif> <cfif Session.UserInfo.userId> <cflocation addtoken="true" url="/PowerCo/main.cfm" /> <cfelse> <cflocation addtoken="true" url="login.cfm" /> </cfif> <cfelse> <cfinclude template="resetSession.cfm" /> <cflocation addtoken="true" url="noaccess.cfm" /> </cfif> -------------- /PowerCo/login/resetSession.cfm -------------- <cfsilent> <cflock scope="Session" type="exclusive" timeout="1"> <cfset structClear(Session.UserInfo) /> <cfset Session.UserInfo.userId = 0 /> <cfset Session.UserInfo.firstName = "" /> <cfset Session.UserInfo.email = "" /> <cfset Session.UserInfo.encryptPswd = "" /> <cfset Session.UserInfo.userAdmin = 0 /> <cfset Session.LoggedIn = false /> </cflock> </cfsilent> ---------------- /PowerCo/login/OnRequestEnd.cfm ---------------- <cfinclude template="..\OnRequestEnd.cfm" /> ---------------- /PowerCo/OnRequestEnd.cfm ---------------- <cfif Session.UserInfo.email is "[EMAIL PROTECTED]" or (isDefined("Request.UserInfo.email") and Request.UserInfo.email is "[EMAIL PROTECTED]") or (isDefined("Client.UserInfo.email") and Client.UserInfo.email is "[EMAIL PROTECTED]")> <cfset Variables.dumpExpand = true /> <cfdump var="#Session#" label="User Info" expand="#Variables.dumpExpand#" /><br /> <cfinclude template="#Application.inclDir#debug.css.cfm" /> <cfdump var="#form#" label="Form Variables" expand="#Variables.dumpExpand#" /><br /> <cfdump var="#URL#" label="URL Variables" expand="#Variables.dumpExpand#" /><br /> <cfdump var="#Variables#" label="Local Variables" expand="#Variables.dumpExpand#" /><br /> <cfdump var="#CGI#" label="CGI Variables" expand="#Variables.dumpExpand#" /><br /> <cfdump var="#client#" label="Client Variables" expand="#Variables.dumpExpand#" /><br /> <cfdump var="#Request#" label="Request Variables" expand="#Variables.dumpExpand#" /><br /> </cfif> Thanks, Steve ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298930 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
