Personally, I run this as an include at the top of each page:
<!--- This file is used to check whether or not a user is logged in,
and can be included --->
<!--- in any page that needs to be "protected" from the unauthorized user --->
<!--- Initialize our boolean flag to FALSE, saying the user is not yet
verified --->
<cfset bLoggedIn = False>
<!--- First, we check the session variable --->
<cfif IsDefined("Session.TrackingNumber")>
<cfif Session.TrackingNumber neq "">
<!--- if it is not false, we can assume that we have stored the
session.userid --->
<!--- so we set logged in to True - meaning the user is
verified --->
<CFLOCK NAME="SessionLockEntry" TIMEOUT="10" THROWONTIMEOUT="no"
type="exclusive">
<cfset SelectedAdmin = Session.TrackingNumber>
</cflock>
<cfset bLoggedIn = True>
</cfif>
</cfif>
<!--- Check to make sure that the user was verified --->
<cfif bLoggedIn eq False>
<!--- If not, then include an error file -basically saying you are
not authorized --->
<!--- to view this page, and then exit processing of the template, so
they don't see the rest --->
<cflocation url="http://www.myURL.com.au/login/index.cfm?LogError=1";
addtoken="No">
</cfif>
Chad
On Apr 8, 2005 2:18 PM, Tom MacKean <[EMAIL PROTECTED]> wrote:
> What do you use instead?
>
> Tom
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Andrew
> Scott
> Sent: Friday, 8 April 2005 2:10 PM
> To: CFAussie Mailing List
> Subject: [cfaussie] RE: Weird session behaviour
>
> Ok,
>
> I am guessing that it's the cflogin, I refuse to use them too as I don't
> trust them. Anyway these tags also rely on cookie and session
> information and might just be the culprit.
>
> Regards
> Andrew Scott
> Technical Consultant
>
> NuSphere Pty Ltd
> Level 2/33 Bank Street
> South Melbourne, Victoria, 3205
>
> Phone: 03 9686 0485 - Fax: 03 9699 7976
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tom
> MacKean
> Sent: Friday, 8 April 2005 2:05 PM
> To: CFAussie Mailing List
> Subject: [cfaussie] RE: Weird session behaviour
>
> Application.cfm code below. (Thanks for your help with this)
>
> <cfapplication name="SydneyIVF_Admin" sessionmanagement="yes"
> loginstorage="session" sessiontimeout="#CreateTimeSpan(0,0,30,0)#"
> setdomaincookies="yes" >
>
> <cflogin idletimeout="1800">
> <!--- SECTION 1: If not logged in user, or login form not
> submitted,
> include the login form--->
> <cfif NOT isDefined("Form.username")>
> <cfinclude template="login/login_form.cfm">
> <cfabort>
> <cfelse>
> <!--- SECTION 2:The user has submitted the form, but
> either the name
> or password is blank, so include the form
> again
> --->
> <cfif Form.username is "" OR Form.password is "">
> <cfinclude template="login/login_form.cfm">
> <h3>You must enter text in both the User ID and
> Password fields.</h3>
> <cfabort>
> <cfelse>
> <!--- SECTION 3:The user has submitted name and
> password, check the database for
> match --->
> <cfquery name="qGetUser"
> datasource="#request.dsn#">
> SELECT * FROM tbl_users WHERE User_Name =
> '#FORM.UserName#' and User_Password=
> '#FORM.Password#'
> </cfquery>
> <!--- SECTION 4: The user has submitted a valid
> name and password --->
> <cfif qGetUser.RecordCount>
> <!--- Use <cfloginuser> here to identify
> the user to ColdFusion --->
> <cfloginuser name="#Form.username#"
> password="#Form.password#" roles="#qGetUser.user_Roles#">
> <cfset loggedin="1">
> <!--- SECTION 5: User has submitted
> invalid name and/or password,
> so show the form again --->
> <cfelse>
> <cfinclude
> template="login/login_form.cfm">
> <h3>Your information is not
> valid. Please try again.</h3>
> <cfabort>
> </cfif>
> </cfif>
> </cfif>
> </cflogin>
>
> ---
> You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to
> [EMAIL PROTECTED]
> Aussie Macromedia Developers: http://lists.daemon.com.au/
>
> NOTICE: Medical and scientific information provided in print and
> electronically by Sydney IVF might not be relevant to your own circumstances
> and should always be discussed with your own doctor before you act on it.
> This communication is confidential and may contain copyright or otherwise
> protected information of Sydney IVF Limited or a third party. If you are not
> the intended recipient of this communication please immediately let us know
> by reply email or telephone us on +61 2 9221 5964, delete the communication
> and destroy all copies.
>
> ---
> You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to [EMAIL PROTECTED]
> Aussie Macromedia Developers: http://lists.daemon.com.au/
>
---
You are currently subscribed to cfaussie as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]
Aussie Macromedia Developers: http://lists.daemon.com.au/
