And to be safer set your application.cfm to NOT setclientcookies. eg:
setclientcookies="no".
Once you setup you datasource for storing the Client variables
(CFID/CFTOKEN) you only have to pass the URLToken between your templates.
Practice makes perfect!!
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Toby
Tremayne
Sent: Monday, 20 August 2001 8:21 PM
To: CF-Talk
Subject: RE: Help with authorise/authenticate/session management
Not at all m8y. Setting client vars to run in a datasource just means that
CFServer will store clients vars in your datasource instead of server
memory or whatever.
If you've got problems with your host (as I do <grin>) the easiest way is
to do this:
write your cfapplication call like this:
<cfapplication
name="myAppName"
clientManagement="yes"
clientStorage="myDataSourceName">
that tells CFServer to store client vars in your datasource. The you'll
need to run this:
<cfquery datasource="myDatasource">
CREATE TABLE [dbo].[CDATA] (
[cfid] [char] (20) NULL ,
[app] [char] (64) NULL ,
[data] [text] NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
CREATE TABLE [dbo].[CGLOBAL] (
[cfid] [char] (20) NULL ,
[data] [text] NULL ,
[lvisit] [datetime] NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
</cfquery>
(you might need to alter the sql syntax a little according to your
datasource but this one works for SQL server - just dont change any names
or anything.
That will correctly set up the tables that CFServer uses for client storage.
Now a little explanation - as far as the code is concerned, storing client
variables is no different to storing session or request scoped
variables. The difference is in how the CFServer handles them - you don't
have to use cfquery to manipulate client vars. Of course you will be able
to if you want to (and sometimes it can be handy) but the fact that they're
stored in the datasource doesn't change your code.
I code using the Fusebox methodology, and use client vars ALL the time -
never have a problem m8y.
Hope all this helps, and if you need anything else just drop me a line.
Toby
At 06:27 PM 8/20/2001, you wrote:
>Well, I thought when you turn on client variables, it looks for a
>datasource in the registry or else the datasource specified in the CF
>Administrator.. Shanje doesn't allow that. You have to use your own table
>in your own datasource. So just turning on client vars doesn't work. Or
>have I got it wrong?
>
>You have to save and retrieve client vars using CFQuery calls.
>
>Don't you?
>
>Cheers,
>Mike Kear
>Windsor, NSW, Australia
>AFP WebWorks
>
>
>-----Original Message-----
>From: Toby Tremayne [mailto:[EMAIL PROTECTED]]
>Sent: Monday, August 20, 2001 6:20 PM
>To: CF-Talk
>Subject: Re: Help with authorise/authenticate/session management
>
>Mike,
>
> Hope I'm not being completely unhelpful here <grin> but is there
>a particular problem with using datasource client variables? I generally
>employ one of two security models and they both use client vars to at least
>keep the state of the logged in user etc. I've always used client vars for
>everything - if you want some example code or anything like that please
>feel free to give me a yell.
>
>Otherwise I guess you could always use url vars but you're going to end up
>in a mess of spaghetti code among other things.
>
>Toby
>
>
>
>
>At 04:49 PM 8/20/2001, you wrote:
>
> >I have a problem with a site I am working on for a client. I am stuck
with
> >hosting it at Shanje.com for a variety of reasons that are outside the
>scope
> >of this discussion, but I have a big problem setting up a user
> >access/authenticate/session management system.
> >
> >Shanje don't allow client variables on a central datasource or in the
> >registry. So all client variables have to be done through a table in my
>own
> >SQL7 datasource. I can't use session management because the site is
> >clustered. And no CFX custom tags are allowed.
> >
> >Kind of tying my hands behind my back I think. I can use the NT
> >permissions management to restrict access if I'm happy to give everyone
the
> >same username and password. That's impossible in this site.
> >
> >
> >Can anyone help me out here ... how the hell do I control access to
users,
> >and grant permissions for various parts of the site, without using client
> >management, session management, CFX tags?
> >
> >The only way I have been able to think of up to now, is to set or test
for
>a
> >cookie at the top of each page, and do a query on the users table. Is
>there
> >any other way? Because this implies I have to deny access to anyone who
> >hasn't got cookies enabled. Has anyone set up an access control system
in
> >an environment like this?
> >
> >Please don't suggest moving away from Shanje, because in this case it's
not
> >an option.
> >
> >Cheers,
> >Mike Kear
> >Windsor, NSW, Australia
> >AFP WebWorks
> >
> >
> >
> >
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
