We are in a load-balanced environment and are using Client variables in a
centralized database for session management.

1. The solution I built for a similar situation is to have a Client variable
that stores a timestamp of the last time a person did something in the
secure area of the site. 

When a person logs in I set my variable Client.Expires to the current system
time plus 30 minutes. Each time the person tries to do something on the
secure area of the site I validate the fact that they are logged in by
checking my variable Client.LoggedIn. If they are logged in, I compare my
variable Client.Expires against the current system time to see if they have
done something in the secure area of the site within the last thirty
minutes. If they have done something in the last thirty minutes, I update
Client.Expires to the current system time plus 30 minutes and let them
continue.

If they haven't done something in the secure area of the site in the last 30
minutes, I set the Client.LoggedIn variable to False and redirect them to
the login page.

2. I track a return fuseaction throughout the Web site so I know which menu
to send them back to. We have 5 menu choices on our home page. When a person
chooses a menu page, I append "RFA=(return menu name)" to the URL for each
menu item on that page. Then I just keep passing that RFA around on the URL
or as a hidden form variable. At the bottom of the pages referenced from the
menu I have a link back to the menu page by using:

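<CFOUTPUT>To return to the menu,
<!--- URL-encode the return fuseaction: it arrives on the URL or in a hidden form field --->
<A HREF="../index.cfm?action=#URLEncodedFormat(Attributes.RFA)#&#URLTOKEN#">click here</A>.</CFOUTPUT>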

This way I can reuse templates but always give the person a link back to the
menu from which they started.

Thanks to Hal Helms for writing the CF Developer's Journal articles relating
to return fuseactions!

Scott
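
The sliding 30-minute check and the return fuseaction described above, combined into one Fusebox action file. This is an added example, not code from the original post. The file name follows the act_checklogin.cfm mentioned in the question; the menu names in AllowedRFA, the "login" fuseaction and the "timedout" URL parameter are hypothetical, and Client management is assumed to be enabled in CFAPPLICATION.

```cfml
<!--- act_checklogin.cfm (added example, not the poster's own code).
      Assumes CFAPPLICATION has CLIENTMANAGEMENT="Yes" and a shared client store. --->
<CFPARAM NAME="Client.LoggedIn" DEFAULT="False">
<CFPARAM NAME="Client.Expires" DEFAULT="">
<CFPARAM NAME="Attributes.RFA" DEFAULT="">

<!--- Hypothetical menu names. The RFA travels on the URL or in a hidden form
      field, so the visitor controls it: accept only known values. --->
<CFSET AllowedRFA = "products,support,account,news,contact">
<CFIF NOT ListFindNoCase(AllowedRFA, Attributes.RFA)>
    <CFSET Attributes.RFA = "">
</CFIF>

<!--- Fail closed: the visit is valid only if the login flag is set AND the
      stored expiry parses as a date AND that date is still in the future. --->
<CFSET StillValid = False>
<CFIF IsBoolean(Client.LoggedIn) AND IsDate(Client.Expires)>
    <CFIF Client.LoggedIn>
        <CFIF DateCompare(Client.Expires, Now()) GT 0>
            <CFSET StillValid = True>
        </CFIF>
    </CFIF>
</CFIF>

<CFIF StillValid>
    <!--- Sliding window: each request in the secure area buys another 30 minutes --->
    <CFSET Client.Expires = DateAdd("n", 30, Now())>
<CFELSE>
    <!--- Expired or never logged in: clear the state, then send the visitor to
          the login page with the validated RFA so login can return them. --->
    <CFSET Client.LoggedIn = "False">
    <CFSET Client.Expires = "">
    <CFLOCATION URL="../index.cfm?action=login&RFA=#URLEncodedFormat(Attributes.RFA)#&timedout=1">
</CFIF>
```

Because Client variables live in the central database, every node in the cluster sees the same Client.Expires value, so the check behaves the same whichever server handles the request.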


 

-----Original Message-----
From: Bill Killillay [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 09, 2000 10:33 AM
To: [EMAIL PROTECTED]
Subject: application security and returnfuseaction


Hello,

I have two questions that kind of relate to each other.
1.  I have a secure area of an application that I am building and in that
area, I want to include a little security check to make sure that the user
is logged in.  I am finding that if I do a check for a Client.whatever
variable though that it's not timing out.  I wanted to set the time out for
15 minutes for testing.  This is just a little action file
(act_checklogin.cfm) in it, it just checks to make sure (right now) that a
session variable has not timed out, if it has, it redirects to the login
page where it gives a nice message telling them that it's timed out.

2.  I want to use the returnfuseaction to direct the user back to whatever
page they were on after they log back in.  However I am not too sure of what
the syntax for this would look like.

The whole application is done using Fusebox and I really don't want to use
session variables as this site will probably down the road end up being in a
clustered environment and will need to use client variables.  What is the
best way to get them to time out like I need them to in number one above?

Thanks.

Bill

----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.