Re: Security Access

Jim McAtee Thu, 11 Apr 2002 22:36:15 -0700

If the second application.cfm has a <cfapplication> tag with a new
application name, then CF will see a different session structure.  It
sounds like you're passing all validated users into the admin area, so why
not just have the admin login page in the admin section of the site?


Jim

----- Original Message -----
From: "Mark Leder" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, April 11, 2002 11:21 PM
Subject: Security Access


> Building a secure access screen to an admin area on a site. I have a
> login screen on a public template which is then passed to a Cfcheck
> template.  Both of these templates are "controlled" by an
> application.cfm template.
> In this CFCheck template, if the Username and Password match what's in a
> db, the following code is run:
>
> <CFIF GetUser.RecordCount EQ 1>
>   <!--- Lock the Session Variables, and remember user's logged-in
> status, plus u_ID and First Name, in structure --->
>   <CFLOCK TIMEOUT="10" THROWONTIMEOUT="No" TYPE="EXCLUSIVE"
> SCOPE="SESSION">
>   <CFSET SESSION.Auth = StructNew()>
>   <CFSET SESSION.Auth.IsLoggedIn = "Yes">
>   <CFSET SESSION.Auth.ContactID  = GetUser.U_ID>
>   <CFSET SESSION.Auth.FirstName  = GetUser.First_Name>
>   <CFSET SESSION.Auth.LastName  = GetUser.Last_Name>
> </cflock>
>
> But, I want to pass the valid user on to a starting page in the admin
> section, which is "controlled" by a different application.cfm.
>
> In this second application.cfm I have the following code:
>
> <!--- If user is not logged in, force them to now --->
> <CFIF NOT IsDefined("SESSION.Auth.IsLoggedIn")>
>   <CFLOCATION
> URL="#APPLICATION.webroot#/login/default.cfm?access=Denied"
> ADDTOKEN="No">
>   <CFABORT>
> </CFIF>
>
> Thus, the problem, can a Session, which is created in the Cfcheck.cfm
> template be passed intact to another page, which is controlled by a
> different application.cfm.
>
> Whenever I run the login sequence, and I know it is successful, the
> second application kicks me back out to the login screen (meaning that
> its NOT IsDefined).
>
> What am I doing wrong?
>
> Thanks,
> Mark
>
> 
______________________________________________________________________
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Security Access

Reply via email to