d, Incorrrect logins are dealt with properly.
I can use any correct id/password pair to login successfully, not only on my development machine, but on another machine on our network I've never used before (once cookies have been enabled). But not all users can use their own login. Is it too simplistic to assume that because I can login OK, the fault is with a user's browser? Bob -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 03 November 2003 15:19 To: [EMAIL PROTECTED] Subject: Re: [ cf-dev ] Authentication problems Bob, Seems strange this error would be thrown and it should be nothing to do with cookies. If the login is successful then the session var (MM_username) should be set up. Anyone else see anything in this? What happens when you put incorrect login details in? d ----- Original Message ----- From: "Bob Wood" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 03, 2003 11:59 AM Subject: RE: [ cf-dev ] Authentication problems > Application.cfm: > > > <CFAPPLICATION NAME="ISFA" > CLIENTMANAGEMENT="Yes" > SESSIONMANAGEMENT="Yes" > SETCLIENTCOOKIES="Yes" > SESSIONTIMEOUT="#CreateTimeSpan(0,0,15,0)#" > APPLICATIONTIMEOUT="#CreateTimeSpan(0,2,0,0)#"> > > <CFERROR MAILTO="[EMAIL PROTECTED]" > TYPE="Request" TEMPLATE="custom_error.cfm"> > > > > <CFSET web_db = "newmedia"> > > <CFSET yearNow=DateFormat(Now(),"YYYY")> > > <cfsetting showdebugoutput="No"> > > ----------------------------------------------------------- > > > Login page: > > > <cfif IsDefined("FORM.login")> > <cfset MM_redirectLoginSuccess="school_admin.cfm"> > <cfset MM_redirectLoginFailed="logon_fail.cfm"> > <cfquery name="MM_rsUser" datasource="#web_db#"> > SELECT Login,Password FROM ISFA WHERE Login='#FORM.login#' AND > Password='#FORM.pword#' > > </cfquery> > <cfif MM_rsUser.RecordCount NEQ 0> > <cftry> > <cflock scope="Session" timeout="30" type="Exclusive"> > <cfset Session.MM_Username=FORM.login> > <cfset Session.MM_UserAuthorization=""> > </cflock> > <cfif IsDefined("URL.accessdenied") AND false> > <cfset MM_redirectLoginSuccess=URL.accessdenied> > </cfif> > <cflocation url="#MM_redirectLoginSuccess#" addtoken="no"> > <cfcatch type="Lock"> > <!--- code for handling timeout of cflock ---> > </cfcatch> > </cftry> > </cfif> > <cflocation url="#MM_redirectLoginFailed#" addtoken="no"> > <cfelse> > <cfset MM_LoginAction=CGI.SCRIPT_NAME> > <cfif CGI.QUERY_STRING NEQ ""> > <cfset MM_LoginAction=MM_LoginAction & "?" & CGI.QUERY_STRING> > </cfif> > </cfif> > > AND: > > <form name="form2" method="POST" > action="<cfoutput>#MM_loginAction#</cfoutput>"> > <table width="100%" border="0" cellspacing="0" cellpadding="5"> > <tr> > <td width="16%"><div align="right" class="bodyText">Login > id: </div></td> > <td width="84%"><input name="login" type="text" size="30" > id="login"></td> > </tr> > <tr> > <td><div align="right" class="bodyText">Password: > </div></td> > <td><input name="pword" type="password" size="30" > id="pword"></td> > </tr> > <tr> > <td> </td> > <td><input type="submit" name="Submit" value="Submit"> > <input type="reset" name="Submit2" value="Reset"></td> > </tr> > </table> > </form> > > ------------------------------------------------------------------------ > --- > > Secured page: > > > <cfif Session.MM_Username EQ ""><cflocation url="home.cfm"></cfif> > > <cfif IsDefined("URL.MM_logout") AND URL.MM_logout EQ "1"> > <cflock scope="Session" type="Exclusive" timeout="30" > throwontimeout="no"> > <cfset Session.MM_Username=""> > <cfset Session.MM_UserAuthorization=""> > </cflock> > <cfset MM_logoutRedirectPage="home.cfm"> > <cfif MM_logoutRedirectPage EQ ""> > <cfset MM_logoutRedirectPage=CGI.SCRIPT_NAME> > </cfif> > <cfset > MM_logoutQuery=ListDeleteAt(CGI.QUERY_STRING,ListContainsNoCase(CGI.QUER > Y_STRING,"MM_logout=","&"),"&")> > <cfif MM_logoutQuery NEQ ""> > <cfif Find("?",MM_logoutRedirectPage) EQ 0> > <cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "?" & > MM_logoutQuery> > <cfelse> > <cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "&" & > MM_logoutQuery> > </cfif> > </cfif> > <cflocation url="#MM_logoutRedirectPage#" addtoken="no"> > </cfif> > <cflock scope="Session" type="ReadOnly" timeout="30" > throwontimeout="no"> > <cfset > MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",D > E(""))> > <cfset > MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Sess > ion.MM_UserAuthorization",DE(""))> > </cflock> > <cfif MM_Username EQ ""> > <cfset MM_referer=CGI.SCRIPT_NAME> > <cfif CGI.QUERY_STRING NEQ ""> > <cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING> > </cfif> > <cfset MM_failureURL="login.cfm?accessdenied=" & > URLEncodedFormat(MM_referer)> > <cflocation url="#MM_failureURL#" addtoken="no"> > </cfif> > <cfset CurrentPage=GetFileFromPath(GetTemplatePath())> > <cfparam name="SESSION.MM_Username" default="1"> > > > ------------------------------------------------------------------------ > -- > > I don't think I've missed anything out. These are just Dreamweaver MX > behaviours . . . . . > > Thanks for your time! > > Cheers, > Bob > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: 03 November 2003 10:16 > To: '[EMAIL PROTECTED]' > Subject: RE: [ cf-dev ] Authentication problems > Importance: Low > > Hi Bob > > We'd need to see the code in: > > 1. Application.cfm > > 2. The login code setting the session variable which defines them as > logged > in > > 3. The security include/code securing all the pages > > Then we'd be able to help diagnose the problem > > HTH > Mark > > -----Original Message----- > From: Bob Wood [mailto:[EMAIL PROTECTED] > Sent: 03 November 2003 08:42 > To: [EMAIL PROTECTED] > Subject: [ cf-dev ] Authentication problems > > > Hi All, > > I'm a CF newbie and have a dynamic site with some pages secured against > a list of login ids and passwords. > > Problem is, not everyone can get in. I can, from my computer, get in as > anyone. Some people have an error come up with "MM_USERNAME is > undefined_session". I can replicate this by turning cookies off, but > other users say their browsers do have cookies enabled, but still can't > get in. > > Is there something basic I'm missing? Why can I get in when others > can't? > Do I need to tweak my Application.cfm? > > Any help much appreciated. > > Thanks, > Bob > > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > > > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > > -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED] -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
