Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Creating a Login System

Status
Not open for further replies.
Guest_imported

Guest_imported

New member
Jan 1, 1970
0
Hello, I have tried to exercise due diligence before bothering anybody. I have read all of the threads that seem to deal with session or client management but I am still a bit unclear. I want to create a basic login system where a user needs to login before accessing a set of pages. I understand that I need to have something like the following in application.cfm:


<CFAPPLICATION NAME=&quot;MyApp&quot;
SESSIONMANAGEMENT=&quot;YES&quot;
CLIENTMANAGEMENT=&quot;YES&quot;
SETCLIENTCOOKIES=&quot;YES&quot;
SESSIONTIMEOUT=&quot;#CreateTimeSpan(0,0,20,0)#&quot;
APPLICATIONTIMEOUT=&quot;#CreateTimeSpan(2,0,0,0)#&quot;>
<CFSET APPLICATION.ADDTOKEN = &quot;CFID=#client.cfid#&amp;CFTOKEN=#client.cftoken#&quot;>


I also am fine with initially validating a login from the actual login page (ie. checking the provided username/password against these in my database. My question is what do I put at the top of all &quot;protected&quot; pages to ensure that the user is indeed logged in and has not timed out. If I merely check that CFID, for example, IsDefined it would be easy for anyone to append the variable CFID (set to anything) to the URL and access the page. I know that I am missing something basic here. Please Help! Also, is my application.cfm code appropriate? Thanks so much!
 
Sort by date Sort by votes
I would recommend just setting a session variable to indicate their login status. You could do this after authenticating the user like this.

<cfset session.loginStatus=&quot;yes&quot;>

At the top of any protected page, just add this:

<cfparam name=&quot;session.loginStatus&quot; default=&quot;no&quot;>
<cfif session.loginStatus is &quot;no&quot;>
<cflocation url=&quot;Login.cfm&quot;>
</cfif>

Before logging in or after their session expires, the session.loginStatus variable will not be present and will be given a default value of &quot;no&quot; on any protected page. This will then cause them to be re-directed to a login or error page of your choice. If they have logged in, CF will pass by this re-direction and show the requested page.

Hope this helps,
GJ
 
Upvote 0 Downvote
Thanks! I used this in combination with a log off button that sets session.loginStatus back to NO. I appreciate your time
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

RBGraphics
  • Locked
  • Question
Adobe Portfolio
Replies
0
Views
610
RBGraphics
RBGraphics
hifispin2015
  • Locked
  • Question
Creating a slect all button for A Multiple Slect HTML Form Field
Replies
1
Views
295
LyndonOHRC
LyndonOHRC
Mike Lewis
  • Locked
  • Question
Using Dreamweaver to maintain a site not created in Dreamweaver
Replies
2
Views
735
Mike Lewis
Mike Lewis
LyndonOHRC
  • Locked
  • Question
Javascript code will not execute if a cfdocument tag is in my document
Replies
1
Views
368
LyndonOHRC
LyndonOHRC
Kjonnnn
  • Locked
  • Question
What is is called when you end a domain with a folder name.
Replies
2
Views
302
Kjonnnn
Kjonnnn

Part and Inventory Search

Sponsor

Back
Top