Session.Security error

programmher · Aug 8, 2000

I am assigning security levels to certain pages within my site. The security is supposed to be determined after the user logs in on the welcome page.  The login authentication is performed by the below code: "<CFSET Session.LoggedIn = FALSE> <html> <head> <title> Welcome - UserID Authenticate</title> </head> <cfquery name="LogginIn" datasource="MyDatabase" > SELECT      * FROM         dbo.Users WHERE      (UserId = '#form.UserID#') AND (Password = '#form.password#') </cfquery>     <cfif LogginIn.RecordCount GREATER THAN 0> <CFIF LogginIn.Password IS Form.Password> <CFSET Session.LoggedIn = TRUE>     <CFSet Session.UserID="#Form.UserID#">      <CFSET Session.AddToken = "cfid=#cfid#&cftoken=#cftoken#">  <CFELSE> <CFSET Reason = "The password you typed is invalid.  Please Try again"> </CFIF>  <CFELSE> <CFOUTPUT> <CFSET Reason = 'Can not find a user named #Form.UserID#'> </CFOUTPUT> </CFIF>   <CFIF Session.LoggedIn> <cflocation url="Home.cfm" addtoken="Yes"> <cfelse> <CFOUTPUT> <Script> alert("Sorry!  Your login was unsuccessful&quot

; self.location="welcome.cfm"; </script> </cfoutput> </cfif>" Needless to say, when I refer to the Security session variable in my home.cfm page, I get an error.  What am I missing?  Why does my CF "read" the session variable before the session.security and the session variable after the session.security variable???

celley · Aug 8, 2000

I think that there might be an easier way to manage this.  Along with username and password in the database, you should assign authorization codes.  And when you pull a users records, pull the auth code.  And then <cfset session.security = #database.authcode#>  And then on each page, check to make sure that the session user has the correct session auth code to be on that page.  I hope I understood your question.... and that this answered it for you. And if I misunderstood your question... this may be another answer... if you are checking to see if the user has logged in to the application before viewing some pages, make sure that the session.username exists before the page can be viewed.

programmher · Aug 9, 2000

Celley, Thanks for your suggestion!  You perfectly understand whatn I'm trying to accomplish.    But, I am still getting the same error - whether I clal my variable "authcode" or "security".  The authcode will determine who has access to what pages.  The userid is recognized - not my security level (or authcode). Can you  - or anyone  - see any error in my coding that may explain this?

ntm0n · Oct 3, 2002

As I see it, your trying to get your security level from your form (Which you have commented out). Secondly - did you add a security/authcode level to the database and get that on the call?

You need to add your auth codes to the database, and then assign that to your session variable. Currently in the code provided you have no authcode defined.

Hope this helps...

Gary

><cfif LogginIn.RecordCount GREATER THAN 0>
<CFIF LogginIn.Password IS Form.Password>
<CFSET Session.LoggedIn = TRUE>
<CFSet Session.UserID="#Form.UserID#">

<CFSET Session.AddToken = "cfid=#cfid#&cftoken=#cftoken#">

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Session.Security error

programmher

Programmer

celley

Programmer

programmher

Programmer

ntm0n

Programmer

Similar threads

Part and Inventory Search

Sponsor