On Wed, Feb 1, 2012 at 4:28 PM, Eric Williams wrote:
> <CFSCRIPT>
> if(NOT IsDefined("APPLICATION.oUser")){
>
> APPLICATION.oUser=CreateObject("component","#APPLICATION.G.CFC_PATH#User");
> }
> APPLICATION.oUser.DSN=this.DSN;
> </CFSCRIPT>
> <CFSET
> session.RetAuth=APPLICATION.oUser.authenticate(form.Login,form.Password)>
> <CFSET SESSION.UserName=FORM.Login>
I see 3 problems with this code:
1. Why is that authentication component instantiated there instead of
in the onApplicationStart()?
2. You are setting the DSN in a separate call from the authenticate()
call. If your application uses the same DSN all the time, that should
go in the onApplicationStart() as well. If not, the DSN should be an
argument of the authenticate() call.
3. You are setting the session username to whatever was in the login
form instead of what is returned from your authentication call.
I would put money on not needing any locking at all to make this code
thread-safe if you just refactor along those lines.
Jochem
--
Jochem van Dieten
http://jochem.vandieten.net/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349764
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
