Ernie:
Why don't you have the cookie set to expire on the session... That way
when the user closes the browser their session is over and they would
have to log back in...
Login action:
<!---Lookup the login in the database --->
<CFQUERY NAME="IsValidLogin" DATASOURCE="#session.DSN#">
SELECT *
FROM MTUSER
WHERE Username = '#form.Username#'
AND Password = '#FORM.Password#'
</CFQUERY>
<!---If it was an invalid login, send them back to the login page --->
<CFIF IsValidLogin.RECORDCOUNT IS "0">
<cflocation url="index.cfm?Failed=Yes">
<!---Set Cookie --->
<CFELSE>
<cfcookie name="admin"
value="#form.username#">
<!---Send them to the home of the application --->
<META HTTP-EQUIV=Refresh content="0; URL=wsb/index.cfm">
</cfif>
Application.cfm:
<!---simple Cfif to keep them out --->
<cfif isdefined("cookie.admin") is False>
<cflocation url="http://www.atomicqube.com";>
</cfif>
-----Original Message-----
From: Ernie Pena [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 3:10 PM
To: CF-Talk
Subject: Members Only section
Whats the best way to handle security on a members section wouldsomthing
like this work? Application.cfm w/cookies set to expire in1 hour, or
some other means please advise.
Here is what kind of box I have,
Windows 2K
SQL 2K
CF5
1gig or ram
36 gig scsi
dule PIII 933
Thanks in advanced
Ernie Pena
Atomicqube
______________________________________________________________________
Signup for the Fusion Authority news alert and keep up with the latest news in
ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
