Webmaster Forum / ColdFusion / Getting Started / July 2007

The 10 minute answer is here.


http://livedocs.adobe.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/common/html/wwhel
p.htm?context=ColdFusion_Documentation&file=00001122.htm

The rest of it depends on how you are logging in your users.  You may want to
use the cflogin tag and everything that goes with it.  Info starts in the cfml
reference manual, but that might not be enough.

The concept code below determines if the session variable "session.loggedIn" is
present.  If not, the user is not logged in.  session.loggedIn is set to false
and the application is redirected to the login form that contains the user id
and password fields.  If the user authenticates, session.loggedIn is set to
TRUE.

The concept code below determines if the session variable "session.loggedIn" is
present.  If not, the user is not logged in.  session.loggedIn is set to false
and the application is redirected to the login form that contains the user id
and password fields.  If the user authenticates, session.loggedIn is set to
TRUE.

<CFAPPLICATION NAME="SLM" SESSIONMANAGEMENT="yes"
   SESSIONTIMEOUT=#CreateTimeSpan(0,0,20,0)#>

<CFIF NOT IsDefined("session.LoggedIn")>
   <CFSET session.loggedIn = FALSE>
   <CFLOCATION URL="authenticate.cfm">
</CFIF>

jdeline,

 Thanks for your feedback.  Do I need to put any check code on individual pages to prevent users from typing the path directly?

Jimmy

No, because session.loggedIn does not exist, and the <CFIF> in Application.cfm
will force the redirect to the authenticate.cfm page.  Remember,
Application.cfm will run before the page they typed in is loaded.

sorry for my ignorance,  Still trying to understand all this.

So I create an application.cfm with your code .
<CFAPPLICATION NAME="foo" SESSIONMANAGEMENT="yes"
   SESSIONTIMEOUT=#CreateTimeSpan(0,0,10,0)#>

<CFIF NOT IsDefined("session.LoggedIn")>
   <CFSET session.loggedIn = FALSE>
   <CFLOCATION URL="authenticate.cfm">
</CFIF>

On my Login Page process page I havea code that  If the user is authenticated
correctly I set session.loggedIn="true"
After I set the loggin to true, can I use the cflocation to redirect them to a
menu page for members?

Then on my other files, I don't have to add any code since the application.cfm
will take care of the authenitcation.

Is it wise to create a logout button to kill the session?

Thanks,
Jimmy

You've got it right.  As far as the logout button, it would not hurt to put one in, although people frequently ignore them.

I must be doing something wrong., cause after logging in, I clicked on other
pages after my timeout was up and it let me access the site.

Here's my files.

============
Application.cfm
============
<CFAPPLICATION NAME="foo" SESSIONMANAGEMENT="yes"
   SESSIONTIMEOUT=#CreateTimeSpan(0,0,1,0)#>

<CFIF NOT IsDefined("session.LoggedIn")>
   <CFSET session.loggedIn = FALSE>
   <CFLOCATION URL="Login.cfm?val=0">
</CFIF>

========
Login.cfm
========
<cfinclude template="LuauTabMenu.cfm">
<CFIF #Val# EQ "0">
    <form action="Login.cfm?Val=1" method="post" name="form">
     Login:<input type="text" name="uid">
     Password:<input type="password" name="pwd">
     <input type="button" value="Login" onclick="submit()">
    </form>
<CFELSEIF #Val# EQ "1">
    <cfif #Form.UID# EQ "Jimmy" and #Form.pwd# EQ "Jimmy">
        <CFSET session.loggedIn = TRUE>
        <CFLocation url="Page1.cfm?val=0">
    <cfelse>
        <Cflocation url="Login.cfm">
    </cfif>
</CFIF>

My other pages are
Page1.cfm
Page2.cfm
Page3.cfm

I see it goes through to page1.cfm, but I wait say 3 minutes later, IF I clcik
Page2.cfm, It should go to the Login.cfm page, however it does not it loads
Page2.cfm

Jimmy

Hmmm.  I took your code and logged in as Jimmy/Jimmy.  I got to page 1 and let
it ser 3-4 minutes.  When I clicked "Reload" on my browser, I got bounced to
the login page, just like its supposed to work.  

What do you mean "If I click Page 2 ... "?  Is page2.cfm in the same folder as
your Application.cfm?

In my directory, I have Application.cfm, Login.cfm, Page1.cfm,
Page2,cfm,...4.cfm, and Tabmenu.cfm

Tabmenu.cfm is just some code w/ Links to page1-4.cfm.
I have a <CFInclude template="TabMenu.cfm"> on the top of each page.

Another thing I forgot to ask, do I need to enable any settings in the
administrator page to get application.cfm to work?

Jimmy

JDeline,

  Ok, I've been playing around with this and found the following.  The code
does time out and redirect you back to the login page if you hit
"Reload/Refresh", however if you click on the link after the time out, It
SHOULD take you to the login, but no it goes to the page.

I've uploaded the site on a temp directory.

http://www.hawaiihotels.com/Test/Login.cfm

Jimmy

[i]however if you click on the link after the time out, It SHOULD take you to
the login, but no it goes to the page. [/i]

Perhaps it does [i]not[/i] go to the page, but to a cached copy of the page.
That would explain why a refresh works better.

Thanks for all your help.  I've added the following code to the beginning of
all my pages inside that folder and everything worked.

<CFIF NOT IsDefined("session.LoggedIn")>
   <CFSET session.loggedIn = FALSE>
   <CFLOCATION URL="Index.cfm?val=0&E=2" addtoken="no">   
</CFIF>

Actually, I figured this out.  On the pages to be displayed, if you enclose all
the HTML inside the following code it will make it all come together and work.

<CFIF NOT IsDefined("session.MemberLoggedIn")>
<CFSET session.MemberloggedIn = FALSE>
<CFLOCATION URL="Index.cfm?val=0&E=2" addtoken="no">
</CFIF>

<CFIF session.MemberloggedIn eq "TRUE">

<---- HTML code goes here ---->

<cfelse>
<cflocation url = "login.cfm">
</CFIF>