> It either creates an infinite loop that continues to go > back to the login screen or it doesn't work at all (as if I don't even have > the <cflocation... tag).
You need to create an exception that tells the code to allow the viewing of this page but not any others in the directory. So typically your application.cfm looks for username and password or that the user has been authenticated. You just need to add one more piece to that logic that says if they are trying to go to this file then allow them. That will stop your loop. Or just redirect them to a page that is one directory up from what you are protectingIf that applies to your structure. On number two. I usually just set a session variable that sets logged in equals one and put logic before my username/password checking code that bypasses the check if they are already logged in. That way you don't have to process the username/password combo for every page request. I am not as familiar with the cflogin tag but my guess would be to change the password and pass the username and new password back into the cflogin tag on the same page at the same time. Dave On 4/19/05 10:11 AM, "Alford, Gary L" <[EMAIL PROTECTED]> wrote: > Here's the problem. When I set up a new user, I have a default password > assigned to the user. When the user logs in for the first time, I want to > redirect him to a page that forces him to change his password to something > more permanent and set up a password hint question / answer combination in > case he ever forgets his password. > > The first problem is redirecting the page. I have tried <cflocation... in > various places. It either creates an infinite loop that continues to go > back to the login screen or it doesn't work at all (as if I don't even have > the <cflocation... tag). > > The second problem relates to the theory that the redirect does work. If > the user is forced to change his password, how do I save the new password > back to the <cfloginuser... application. Theory would dictate that, without > saving it back to <cfloginuser..., when the system times out (the timeout > parameter of the <cflogin... script), logging back into the system would > fail because it would not recognize the new password. The user would have > to completely log out of the system and log back in for the new password to > be effective. Obviously, this scenario would not be preferred. I am trying > to cut down on the number of times a user has to log in to the system. Not > increase it. > > > > _____ > > Gary L. Alford > Manufacturing Operations Project Specialist > Bell Helicopter XWorx > Phone: (817) 280-6233 Fax: (817) 278-6233 > [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > I have not failed. I've found 10,000 ways that won't work. > Thomas A. Edison > _____ > > > > -----Original Message----- > From: Matt Woodward [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 19, 2005 9:40 AM > To: [email protected] > Subject: Re: My apologies if this is a duplicate > > > Sorry, it went through Gary--I'm just not sure there's a way to do > this. I'll have to dig some more. > > Matt > > On 4/19/05, Alford, Gary L <[EMAIL PROTECTED]> wrote: >> I'm beginning to think that this never went through. My apologies if it > did >> go through and this is a duplicate. >> >> When I use the tag >> >> <cfloginuser name="#GetUser.USERID#, #GetUser.FIRSTNAME#, >> #GetUser.LASTNAME#" password="#form.UserPassword#" >> roles="#GetUser.SECURITYLEVEL#">, >> >> I understand that I can capture the User ID, First Name, and Last Name for >> later use with one of the three functions ListFirst, ListLast, or > ListGetAt. >> However, does anyone know how I can capture the password attribute? > (Please >> note that all the "GetUser" variables in this tag are captured from a > query >> output.) >> >> TIA >> >> ---------------------------------------------------------- >> Gary L. Alford >> Manufacturing Operations Project Specialist >> Bell Helicopter XWorx >> Phone: (817) 280-6233 Fax: (817) 278-6233 >> [EMAIL PROTECTED] >> ---------------------------------------------------------- >> ---------------------------------------------------------- >> To post, send email to [email protected] >> To unsubscribe: >> http://www.dfwcfug.org/form_MemberUnsubscribe.cfm >> To subscribe: >> http://www.dfwcfug.org/form_MemberRegistration.cfm >> >> > -- C: Zanzeta, Inc. N: Dave Livingston T: Chief Information Officer P: 469.688.4872 F: 214.292.8578 E: [EMAIL PROTECTED] -- ---------------------------------------------------------- To post, send email to [email protected] To unsubscribe: http://www.dfwcfug.org/form_MemberUnsubscribe.cfm To subscribe: http://www.dfwcfug.org/form_MemberRegistration.cfm
