Bob,
You are not using the CFLOGIN tag from MX, you could check admin in server
for default server variables including session etc, have a look at
application log. Not sure this would help, but you could try adding the
following code from the easycfm tutorial to Application.cfm (change the
filenames to oone's you use:)to avoid a possible loop problem mentioned
below, also check the locking(try it without to see if it could be the
prob?), maybe verify the people trying it do have a database username
password and dsn is working, also check there are no other Application.cfm
as CF uses the first it finds working up from the folder where the CF file
using it lives. If using mySQL there is code you have to use to configure
the database so that all remote users other than you the admin can access
the tables, ..your own code looks ok to my blind eye
<CFPARAM NAME="session.allowin" DEFAULT="false">
<!--- Now if the variable "session.allowin" does not equal true, send user
to the login page --->
<!---
the other thing you must check for is if the page calling this
application.cfm is the "login.cfm" page
and the "Login_process.cfm" page since the Application.cfm is always
called, if this is not checked
the application will simply Loop over and over. To check that, you
do the following call
--->
<cfif session.allowin neq "true">
<cfif ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
<cfelseif ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
<cfelse>
<!--- this user is not logged in, alert user and redirect to the
login.cfm page --->
<script>
alert("You must login to access this area!");
self.location="login.cfm";
</script>
</cfif>
</cfif>
Colm
-----Original Message-----
From: Bob Wood [mailto:[EMAIL PROTECTED]
Sent: 03 November 2003 11:59
To: [EMAIL PROTECTED]
Subject: RE: [ cf-dev ] Authentication problems
Application.cfm:
<CFAPPLICATION NAME="ISFA"
CLIENTMANAGEMENT="Yes"
SESSIONMANAGEMENT="Yes"
SETCLIENTCOOKIES="Yes"
SESSIONTIMEOUT="#CreateTimeSpan(0,0,15,0)#"
APPLICATIONTIMEOUT="#CreateTimeSpan(0,2,0,0)#">
<CFERROR MAILTO="[EMAIL PROTECTED]"
TYPE="Request" TEMPLATE="custom_error.cfm">
<CFSET web_db = "newmedia">
<CFSET yearNow=DateFormat(Now(),"YYYY")>
<cfsetting showdebugoutput="No">
-----------------------------------------------------------
Login page:
<cfif IsDefined("FORM.login")>
<cfset MM_redirectLoginSuccess="school_admin.cfm">
<cfset MM_redirectLoginFailed="logon_fail.cfm">
<cfquery name="MM_rsUser" datasource="#web_db#">
SELECT Login,Password FROM ISFA WHERE Login='#FORM.login#' AND
Password='#FORM.pword#'
</cfquery>
<cfif MM_rsUser.RecordCount NEQ 0>
<cftry>
<cflock scope="Session" timeout="30" type="Exclusive">
<cfset Session.MM_Username=FORM.login>
<cfset Session.MM_UserAuthorization="">
</cflock>
<cfif IsDefined("URL.accessdenied") AND false>
<cfset MM_redirectLoginSuccess=URL.accessdenied>
</cfif>
<cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
<cfcatch type="Lock">
<!--- code for handling timeout of cflock --->
</cfcatch>
</cftry>
</cfif>
<cflocation url="#MM_redirectLoginFailed#" addtoken="no">
<cfelse>
<cfset MM_LoginAction=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
<cfset MM_LoginAction=MM_LoginAction & "?" & CGI.QUERY_STRING>
</cfif>
</cfif>
AND:
<form name="form2" method="POST"
action="<cfoutput>#MM_loginAction#</cfoutput>">
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td width="16%"><div align="right" class="bodyText">Login
id: </div></td>
<td width="84%"><input name="login" type="text" size="30"
id="login"></td>
</tr>
<tr>
<td><div align="right" class="bodyText">Password:
</div></td>
<td><input name="pword" type="password" size="30"
id="pword"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Submit">
<input type="reset" name="Submit2" value="Reset"></td>
</tr>
</table>
</form>
------------------------------------------------------------------------
---
Secured page:
<cfif Session.MM_Username EQ ""><cflocation url="home.cfm"></cfif>
<cfif IsDefined("URL.MM_logout") AND URL.MM_logout EQ "1">
<cflock scope="Session" type="Exclusive" timeout="30"
throwontimeout="no">
<cfset Session.MM_Username="">
<cfset Session.MM_UserAuthorization="">
</cflock>
<cfset MM_logoutRedirectPage="home.cfm">
<cfif MM_logoutRedirectPage EQ "">
<cfset MM_logoutRedirectPage=CGI.SCRIPT_NAME>
</cfif>
<cfset
MM_logoutQuery=ListDeleteAt(CGI.QUERY_STRING,ListContainsNoCase(CGI.QUER
Y_STRING,"MM_logout=","&"),"&")>
<cfif MM_logoutQuery NEQ "">
<cfif Find("?",MM_logoutRedirectPage) EQ 0>
<cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "?" &
MM_logoutQuery>
<cfelse>
<cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "&" &
MM_logoutQuery>
</cfif>
</cfif>
<cflocation url="#MM_logoutRedirectPage#" addtoken="no">
</cfif>
<cflock scope="Session" type="ReadOnly" timeout="30"
throwontimeout="no">
<cfset
MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",D
E(""))>
<cfset
MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Sess
ion.MM_UserAuthorization",DE(""))>
</cflock>
<cfif MM_Username EQ "">
<cfset MM_referer=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
<cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
</cfif>
<cfset MM_failureURL="login.cfm?accessdenied=" &
URLEncodedFormat(MM_referer)>
<cflocation url="#MM_failureURL#" addtoken="no">
</cfif>
<cfset CurrentPage=GetFileFromPath(GetTemplatePath())>
<cfparam name="SESSION.MM_Username" default="1">
------------------------------------------------------------------------
--
I don't think I've missed anything out. These are just Dreamweaver MX
behaviours . . . . .
Thanks for your time!
Cheers,
Bob
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 03 November 2003 10:16
To: '[EMAIL PROTECTED]'
Subject: RE: [ cf-dev ] Authentication problems
Importance: Low
Hi Bob
We'd need to see the code in:
1. Application.cfm
2. The login code setting the session variable which defines them as
logged
in
3. The security include/code securing all the pages
Then we'd be able to help diagnose the problem
HTH
Mark
-----Original Message-----
From: Bob Wood [mailto:[EMAIL PROTECTED]
Sent: 03 November 2003 08:42
To: [EMAIL PROTECTED]
Subject: [ cf-dev ] Authentication problems
Hi All,
I'm a CF newbie and have a dynamic site with some pages secured against
a list of login ids and passwords.
Problem is, not everyone can get in. I can, from my computer, get in as
anyone. Some people have an error come up with "MM_USERNAME is
undefined_session". I can replicate this by turning cookies off, but
other users say their browsers do have cookies enabled, but still can't
get in.
Is there something basic I'm missing? Why can I get in when others
can't?
Do I need to tweak my Application.cfm?
Any help much appreciated.
Thanks,
Bob
--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]
--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]
--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.530 / Virus Database: 325 - Release Date: 22/10/2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.530 / Virus Database: 325 - Release Date: 22/10/2003
--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]
