Seona,
 
CF relies on the cookies for session matching, it uses the cookie values CFID, CFTOKEN (and in MX, JSESSIONID) to match a session on the server to the client.
 
Because the cflocation is not sending through these cookie values (as these are set in the same request as your login detection), its not matching your client browser with a session.
 
Try using the standard html tag instead
 
<meta-equiv name="refresh" content="0;#your url#" />
 
or you could use
 
<cflocation url="" addtoken="yes"> (I should also say that the latter is not best practice to do due to security issues such as session hijacking)
 
You could move your authentication check out of Application.cfm into a separate file and include it at the top of every page that needs it. 
 
Your homepage might be a login page so it won't require an authentication check, but all your other pages will require it.
 
That way your CFID/CFTOKEN cookies will be set correctly on the first request, and be sent with subsequent requests back to the server.
 
HTH,
Steve
 
 
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Stephen Bosworth
Application Development and Integration
Communication and Information Services
The University of Newcastle, Australia
Phone: 02 4921 6574
Fax: 02 4921 7087
Email: [EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>>> [EMAIL PROTECTED] 2/02/2004 2:50:18 pm >>>
This has been an issue since I can remember. Refer to:
 
 
The problem is that the cookie CFID/CFTOKEN cookie values are not being sent along with the cflocation request.  cflocation does not do a server side redirect, but rather sends the redirect instruction back to the browser to get it to perform it.
 
 
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Stephen Bosworth
Application Development and Integration
Communication and Information Services
The University of Newcastle, Australia
Phone: 02 4921 6574
Fax: 02 4921 7087
Email: [EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>>> [EMAIL PROTECTED] 2/02/2004 2:30:47 pm >>>
Hi guys,

I have a problem where I am specifying some default values in
Application.cfm as follows:

<cflock scope="session" type="exclusive" timeout="10">
   <cfparam name="session.log_Access" default="0">
   <cfparam name="session.log_ID" default="">
   <cfparam name="session.log_Name" default="">
</cflock>

I am then running some code when a user logs in which should, in theory,
overwrite these values with the logged-in values:

<cfoutput>
<cfif qry_GetUserLogin.recordcount>
   <cflock scope="session" type="exclusive" timeout="10">
      <cfset session.log_Access = "#qry_GetUserLogin.AccessLevel#">
      <cfset session.log_Name = "#qry_GetUserLogin.LoginName#">
      <cfset session.log_ID = "#qry_GetUserLogin.ID#">
      <cflocation url="" addtoken="no">
   </cflock>
<cfelse>
    <cflocation url="" addtoken="no">
</cfif>
</cfoutput>

What I am getting, however, is that when I am returned to the home page I am
not getting the new values in the session variables (I have some temporary
code to output the values of these variables on the front page so I can
monitor what's happening to them).

The really strange thing is that I found if I remove the <cflocation> after
I set the variables, then they take. Why is this? Surely the <cflocation>
shouldn't actually take effect until it reaches that part of the code,
should it?

Cheers,

Seona.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.576 / Virus Database: 365 - Release Date: 30/01/2004


---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]

MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004
---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004
---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004

Reply via email to