Login / logout questions

mattyb · Feb 21, 2001

Hi -

Can some one give me a hand, I have been struggling with this problem for quite a while. I am using cf4.5, on NT with advanced security. I want to secure a directory using a security contex thats call pageworkers. I am validating the users from an LDAP server.

I have it working to a certain extent. A user can log in, and it validates the login. The problem lies with logging the user out. I have several questions about this.

My code will be listed below.

1. I created a logout.cfm, that basically clears the session, then sends the user back to the index.cfm page.
What do I need to do to have the application.cfm prompt the user to log back in. The Login page is in the application.cfm.

2. Should my logout.cfm, do something different?

3. Its been suggested that I create a new login.cfm page, but how do you take the login information from that and authenicate the user again? Do you then create a login_action.cfm page?

4. On all pages, what code do I need to put to autenitcate the user? Is there something that checks it?

5. In my book it talks about <cfcatch> If I catch a security problem, how do you send the user to the login screen.

6. In my application.cfm, theres a section that says "showlogin", How do I force the login from this code.

Is there a better way.
Matt

Application.cfm

<cfapplication name="pw"
clientmanagement="Yes"
applicationtimeout="#CreateTime(0, 0, 1)#"
sessionmanagement="yes"
setclientcookies="no"
sessiontimeout="#CreateTime(0, 0, 1)#" >

<CFIF not IsAuthenticated()>


<CFSET showLogin = "No">
<CFIF IsDefined("form.username&quot

and
IsDefined("form.password&quot

>
<cfset session.username="#form.username#">
<cfset session.password="#form.password#">

<CFTRY>
<cfauthenticate setcookie="yes"
throwonfailure="Yes"
securitycontext="PageWorkers"
username="#form.username#"
password="#form.password#">

<CFCATCH TYPE="security">


<H3>Invalid Login</H3>
<CFSET showLogin = "Yes">
</CFCATCH>
</CFTRY>

<CFELSE>

<CFSET showLogin = "Yes">
</CFIF>

<CFIF showLogin>

<CFSET url = "#cgi.script_name#">
<CFIF cgi.query_string is not "">
<CFSET url = url & "?#cgi.query_string#">
</CFIF>



<CFOUTPUT>
<FORM ACTION="#url#" METHOD="Post">
<TABLE>
<TR>
<TD>username:</TD>
<TD><INPUT TYPE="text" NAME="username"></TD>
</TR>

<TR>
<TD>password:</TD>
<TD><INPUT TYPE="password" NAME="password"></TD>
</TR>
</TABLE>
<INPUT TYPE="submit" VALUE="Login">

</FORM>

</CFOUTPUT>
<CFABORT>
</CFIF>

logout.cfm
<CFSET StructClear(Session)>
<cfset StructDelete(Session, "username&quot

>

<cfset Structclear(Session)>
<meta http-equiv="REFRESH" content="1; url=index.cfm?logout=yes">

iza · Feb 22, 2001

1- add in the application.cfm this line : <cfif logout eq "yes"> Please log back in </cfif>
2- why would you want he logout.cfm do something different ???
3- why would you create another login page ?????
4- the application.cfm file is INCLUDED in EVERY page and it DOES the authentication ... what's the point then ??
5- you already writtent the clause in the application.cfm !!! if it catches a security exception then you told it to do : 
<H3>Invalid Login</H3>
<CFSET showLogin = "Yes">
what's the point then ??
6- did you really understood what you wrote in the application.cfm ??? because it's already doing so !!!!!

mattyb · Feb 22, 2001

Iza -

I'm doing something wrong then. Its not catching the security, and its not coming up with a login page. What usually happens after a logout, where the session is cleared, the url location goes to the index.cfm page, where it errors out because session.username is not present.

Matt

iza · Feb 22, 2001

i guess cfcatch must somehow stop the processing, because your code should set ShowLogin properly ...
the Application.cfm example in the doc is working really very well, and i don't remember if it uses a cfcatch or not ....
you can also try <CFIF showLogin eq "Yes"> but i don't think it'll change anything

mattyb · Feb 22, 2001

On the Logout Page, can I <CFSET ShowLogin = "yes"> and trick it to open the login screen?

iza · Feb 22, 2001

yes but it should show up anyway, as the form.username and form.password are NOT defined
see ? :

<CFIF not IsAuthenticated()>

<CFSET showLogin = "No">
<CFIF IsDefined("form.username&quot

and IsDefined("form.password&quot

>
no it's not, jump to the cfelse ...[/red]
<CFELSE>

<CFSET showLogin = "Yes">
</CFIF>

<CFIF showLogin eq "Yes">
... should appear as showLogin="Yes"

mattyb · Feb 22, 2001

Still having problems. I gave up on the old Code. The new Code I am using is from Mastering Cold Fusion 4.5. I cut and pasted the snippet from the cd and I changed the security context to match my name.

With this code, It still is not catching the security exception. I set the <CFCOOKIE NAME="username" VALUE="" EXPIRES="NOW"><CFCOOKIE NAME="password" VALUE="" EXPIRES="NOW">, however, as I loop cflocate back to the index.cfm page, I would expect to have it catch the lack of cookies, and trigger the login page to come up. However, It errors on my index.cfm page because use a cookie.username Welcome <cfoutput>#cookie.username#</cfoutput>

Why isn't it catching the security?

The Code is pasted below.

Application.cfm


<CFPARAM name="HaveUsername" default="Yes">

<CFIF IsDefined("Cookie.Username&quot

>
<CFSET USERNAME=Cookie.Username>
<CFELSE>
<CFSET USERNAME="">
<CFIF IsDefined("Form.Username&quot

>
<CFSET USERNAME=Form.Username>
<CFCOOKIE NAME="username" VALUE="#Form.Username#">
<CFELSE>
<CFSET HaveUsername = "No">
</CFIF>
</CFIF>


<CFPARAM name="HavePassword" default="Yes">

<CFIF IsDefined("Cookie.Password&quot

>
<CFSET PASSWORD=Cookie.Password>
<CFELSE>
<CFSET PASSWORD="">
<CFIF IsDefined("Form.Password&quot

>
<CFSET PASSWORD=Form.Password>
<CFCOOKIE NAME="password" VALUE="#Form.Password#">
<CFELSE>
<CFSET HavePassword = "No">
</CFIF>
</CFIF>


<CFIF NOT IsAuthenticated()>


<CFIF HaveUsername and HavePassword>
<CFTRY>
<CFAUTHENTICATE
SECURITYCONTEXT="Pageworkers"
USERNAME="#USERNAME#"
PASSWORD="#PASSWORD#"
SETCOOKIE="Yes">


<CFCATCH TYPE="Security">
<CFCOOKIE NAME="username" VALUE="" EXPIRES="NOW">
<CFCOOKIE NAME="password" VALUE="" EXPIRES="NOW">
<CFLOCATION URL="index.cfm">
</CFCATCH>
</CFTRY>
</CFIF>


<FORM ACTION="index.cfm" METHOD="POST">
Username: <INPUT TYPE=text NAME="username"><BR>
Password: <INPUT TYPE=password NAME="password"><BR>
<INPUT TYPE=submit VALUE="LOGIN">
</FORM>

<CFABORT>

</CFIF>



<CFAPPLICATION NAME="Pageworkers">

logout.cfm

<cfset Structclear(Session)>
<CFCOOKIE NAME="username" VALUE="" EXPIRES="NOW">
<CFCOOKIE NAME="password" VALUE="" EXPIRES="NOW">
<meta http-equiv="REFRESH" content="1; url=index.cfm">

iza · Feb 23, 2001

i think you should allow user cookies
see your fisrt scfapplication tag was :
<cfapplication name="pw"
clientmanagement="Yes"
applicationtimeout="#CreateTime(0, 0, 1)#"
sessionmanagement="yes"
setclientcookies="no"
sessiontimeout="#CreateTime(0, 0, 1)#" >

mattyb · Feb 23, 2001

Iza-
I called to tech support from allaire. I'll let you know what my problem is, Thanks for helping me out.
Matt

mattyb · Feb 28, 2001

I solved the problem. Here is my log out page

logout.cfm
<cfset Structclear(Session)>
<cfset cookie.CFAUTH="">
<meta http-equiv="REFRESH" content="1; url=index.cfm">

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Login / logout questions

mattyb

Programmer

iza

Programmer

mattyb

Programmer

iza

Programmer

mattyb

Programmer

iza

Programmer

mattyb

Programmer

iza

Programmer

mattyb

Programmer

mattyb

Programmer

Similar threads

Part and Inventory Search

Sponsor