Session Variables Questions

[ma701sd]

Hi,

I have created an login procedure using application.cfm, however I have a few quesions...


1) How can I tell which user has been authentificated on each page

2) personalise each page specific to a user i.e. let a user view a page that is specific to a single user (similar to an online application form where I can start filling and application form and come back and start where I left off)

3) Identify a user throughout all the pages that the user has access to e.g. once a user has been athentificated and I want to display the username variable after performing a query and enclosing #usernane# within CFOUTPUT tages, I get an error

4) Once A user has been authentificated and is taken the welcome page, the URL is appended with "?CFID=6&CFTOKEN=19037113". I know this has something to do with
<CFLOCATION URL=&quot;Welcome.cfm&quot; AddToken=&quot;Yes&quot;> but Im not sure what this means????

5) Whats ?cfid=#cfid#&amp;cftoken=#cftoken# al about and whats it advantages?


I think thats all the Questions for now.

Many thanks in advance

Sam

 

[KevinFSI]

Sam,
Check out thread232-43482

First, you don't need to say ADDTOKEN=&quot;Yes&quot; as it is the default. Tokens are simply unique identifiers established for each user's session.

Second, once your user is logged in, set their username and password as session variables like:
<CFSET session.user = #FORM.username#>
from your login form. Then you can call that variable throughout the site:
<CFOUTPUT>#session.user#,/CFOUTPUT>

Finally, as far as customizing the page, I guess you could have the user select the options he/she wants, store those choices in your database then call them back based on that users preference. They would have to say they want their bgcolor to be silver or something which then gets converted to hexadecimal and stored in your database. I'm not sure. Kevin
slanek@ssd.fsi.com

 

[ma701sd]

Thanks Kevin,

It works like a dream!!

 

[impelliblast]

dear ma707sd

I would like to add some important information to the replies you've received so far.

Since called CF is a multi-threaded language two users can actually create a session variable at the same time. This, of course, would be a bad thing. You should always 'lock' your session variables when writing to them using cfset or cfparam by using the cflock tag. Whenever the CF server encounters a cflock tag it will 'reserve' a memory location during the duration of that write

When session (or client) management is enabled the only time you have to manually pass the urltoken variable manually is if you have the setclientcookies attribute cfapplication tag set to NO. Then the best way to pass the cfid and cftoken variables is via a hidden form field. If you have the attribute set to YES (setcliencookies), CF will pass the required internal session variables automatically..even when using cflocation. But when using cflocation, since the default is yes for the addtoken attribute, you will be able to see the cfid and cftoken variables int he address bar. This is usually not a good idea on pages where you want to keep a particular user's session private for that user. So set the attribute to NO. Your session state will remain in tact, but you won't see all that ugly variable junk in the address bar.

And finally... despite what you read in the thread that Kevin pointed you to regarding ending a session, the most correct way is to make use of the StructClear (resets all session variables) or StructDelete (resets only the session variables you want it to. Remember to nest your StructClear or StructDelete funtions within cflock functions.

 

[ma701sd]

Dear impelliblast,

Thanks for your reply, however, Ive opted to use Client Variables instead. This is because I want to keep track of users between sessions and mainly because i've coded it all using Client variables and wouldn't know where to begin to start re-configuring the code to convert into session variables.

However, I do not want to use cookies (setcliebtcookies=&quot;No&quot so I am prepared to pass everything via form.
What im confused about is some people say I should use CFID=#CFID etc etc, and the book says a I should use URLTOKEN when posting to my action page...Im terrible confused..Also, ae there any good examples of passing the variables via hidden form fields that i can refer to?

I have posted another thread called &quot;Client Variables&quot; where I want to track each user by storing the cookie info in the database.

If you dont mind, could you have a look at that thread and maybe shed some light. If you still think what Im trying to acheoeve is possible to do using session variables then I might consider it

If you require more info, I can submit my code next time round?

Your help would be greatly appreciated

Many Thanks
Sam

 

[DainAnderson]

Sam,

Using ?cfid=#cfid#&amp;cftoken=#cftoken# is essentially the same as appending ?#URLTOKEN# -- they both let your server know &quot;who&quot; you are (your session), and are needed if you aren't setting cookies within a session-based application. If you were using cookies, these values (among a few others) are placed in the cookie file, so passing URLTOKEN is not longer required.

HTH,
Dain Anderson

http://www.cfcomet.com/

 

[ma701sd]

thanks for your help, i think i got it sussed

sam....