Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CFLOGIN & Cookies

Status
Not open for further replies.
TamedTech

TamedTech

IS-IT--Management
May 3, 2005
998
0
0
GB
Hello Guys,

I've been working with a CFLOGIN based security model i found on easycfm.com and i've managed to break it in the midst of trying to add a 'remember me' type features to the login.

I can't personally spot anything that is going wrong in my code, and CF isn't kicking back any errors, it simply isn't logging me in.

The concept being that is a user is defined in a cookie then it uses thier cookie details to login to the site, and if it doesnt then use the values from the form to login.

I'm hoping you'll be able to have a look at this and tell me whats going on.

Here is the code in my application.cfm file that handles the cflogin.

Code: 
<!--- Cflogin runs before anything else if the user is not authenticated. --->
<cflogin>
<!--- the cflogin scope comes from a login form named cflogin.If it exists authenticate the user. --->
     <cfif isDefined('cflogin')>
	 
	 <cfif IsDefined("cookie.username") AND Isdefined("cookie.password")>
	 <cfloginuser name="#cookie.username#" password="#cookie.password#" roles="#cookie.roles#">	
	 <cfelse>
		<cfscript>
			// create the Security object
			Security = createObject("component","#Application.cfcRoot#.security");
			// store authenticate method of security object as roles variable. 
			variables.roles=Security.authenticate(form.username,form.password);
		</cfscript>
		<cfif variables.roles NEQ 0>
			<cfif IsDefined("form.cookie")>
				<cfcookie name="username" value="#form.username#" expires="NEVER">
          		<cfcookie name="password" value="#form.password#" expires="NEVER">
				<cfcookie name="roles" value="#variables.roles#" expires="NEVER">
    		<cfelse>
				<cfcookie name="username" value="#form.username#" expires="NOW">
          		<cfcookie name="password" value="#form.password#" expires="NOW">
				<cfcookie name="roles" value="#variables.roles#" expires="NOW">
			</cfif>
			<cfloginuser name="#form.username#" password="#form.password#" roles="#variables.roles#">
		</cfif>
     </cfif>
	 </cfif>
</cflogin>

Here is the form that the user fills in.

Code: 
<form action="<cfoutput>#CGI.script_name#</cfoutput>" method="post" onsubmit="return submitForm(this)" >
	<table width="100" border="0" cellspacing="0" cellpadding="3">
	  <tr> 
		<td>Username</td>
		<td><input name="username" type="text" tabindex="3" title="Username" size="25" maxlength="50" ></td>
	  </tr>
	  <tr> 
		<td>Password</td>
		<td><input name="password" type="password" tabindex="5" title="Password" size="25" maxlength="15"></td>
	  </tr>
	  <tr>
	  <td>Remember Me?</td>
	  <td><input type="checkbox" name="cookie" value="yes"></td>
</tr>
								  
	  <tr> 
		<td height="25" colspan="2"><div align="center"> 
			<input name="Submit" type="submit" value="Log In">
		  </div></td>
	  </tr>
	</table>
</form>

Sorry for the sloppy code but its a work in progress hope you'll manage to spot somthing i'm missing.

Thanks,

Rob
 
Sort by date Sort by votes
my opinion?

cflogin = yuk.

I find it easier, more reliable to just DIY.

For persistance, set a never ending cookie, or don't specify an expiration to last only the browser session.

but to check your work, the cookie IS being set, correct? or no?

and there is no cflocation in another script that would not allow the cookies to set is there?


Kevin

Phase 1: Read the CFML Reference
Phase 2: ???
Phase 3: Profit!
 
Upvote 0 Downvote
Morning Kev, thanks for getting in touch.

I'm running on MX7 so thought i'd utilize the old CFLOGIN facility, makes life quite easy when dealing with roles and suchlike.

I've had it up and running on a couple of projects without any issues at all, and i had it working on this project untill i started poking around with it to add this 'remember me' facility.

Nothing is blocking cookies on the browser end, i've got TT cookies set so i need not login when i arive here.

It does'nt appear to be setting cookies, infact, at the moment it doesnt appear that my form is passing my details to the cflogin script propoerly, as if i fill in my login details (that I know to be correct) then click submit it just kicks a blank form back at me and does'nt log me in.

Thanks,

Rob
 
Upvote 0 Downvote
Thanks Kev,

I'm all sorted now, managed to rework the code and its working a charm.

Rob
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

metaphiz
  • Locked
  • Question
Accessing CFLOGIN Vars
Replies
1
Views
27
FALCONSEYE
FALCONSEYE
johnnyfay
  • Locked
  • Question
Dreamweaver 8 &amp; Dreamweaver CS5
Replies
3
Views
50
sinbad99
sinbad99
hkhella
  • Locked
  • Question
Cold Fusion &amp; SQL 1
Replies
1
Views
36
r937
r937
5793124
  • Locked
  • Question
Cross references &amp; subscripts
Replies
1
Views
34
jessevic
jessevic
750GSXR
  • Locked
  • Question
cookies set in CF automatically delete
Replies
10
Views
79
LyndonOHRC
LyndonOHRC

Part and Inventory Search

Sponsor

Back
Top