Below is my login page andI use cflock when I create session variables. I think i used this correctly. But do I need to use CFLOCK on every query in the app or every time I just show a session variable? Also I am using Coldfusion 8
Code:
<!--- Get user's details from the database --->
<cfquery name="GetUser" datasource="teacherreacher" username="teacherreacher" password="jScottbern11" >
SELECT *
FROM stuser
WHERE email = '#form.email#'
AND pwd = '#form.password#'
</cfquery>
<!--- Check if we have a winner! --->
<cfif GetUser.RecordCount eq 0>
<!--- User does not exist --->
<!--- Pass the variables back in the URL - message and UserName --->
<cfset loginpage = "index.cfm?nm=1" >
<cfset loginpage = loginpage & "&Name=" & URLEncodedFormat(#Form.email#)>
<cflocation url="#loginpage#">
<cfelseif GetUser.RecordCount gt 0 and GetUser.active eq 0>
<cfset loginpage = "index.cfm?nm=2" >
<cfset loginpage = loginpage & "&Name=" & URLEncodedFormat(#Form.email#)>
<cflocation url="#loginpage#">
<cfelse>
<!--- Store the user id in session variables and cookies. --->
<cflock scope="Session" timeout="20" type="exclusive">
<cfset Session.districtid = GetUser.districtid>
<cfset Session.parentid = GetUser.parentid>
<cfset Session.email = GetUser.email>
<cfset Session.sfirst = GetUser.sfirst>
<cfset Session.slast = GetUser.slast>
<cfset Session.password = GetUser.pwd>
</cflock>
<META HTTP-EQUIV=REFRESH CONTENT="0; URL=main.cfm?pgid=1">
</cfif>