Skip navigation
Currently Being Moderated

Cookie login

Jul 25, 2012 12:42 PM

Hi,

    I was just wondering how to get my text box on my login screen to remember my username when I come back to it? I'm thiking I need some sort of cookie. I want it to be as simple as possible. Below is what is on my login screen now. Does someone know how I can do this? Thanks.

Andy

 

 

<html>

<head>

    <title>Ironwood Electronics Member Login</title>

   

<script type="text/javascript">

 

function rfqlogin()

{

document.foo.rfq_login.value="yes";

document.foo.eco_login.value="no"

document.foo.action ="validate.cfm";

document.foo.submit();

}

 

 

function ecologin()

{

document.foo.eco_login.value="yes";

document.foo.rfq_login.value="no";

document.foo.action ="validate.cfm";

document.foo.submit();

}

 

</script>

 

</head>

 

<body>

 

<link href="styles/admin.css" rel="stylesheet" type="text/css">

 

--->

 

<table border="0" cellpadding="0" cellspacing="0" align="center">

 

  <tr>

   <td colspan=4><img src="images/login.jpg" width="389" height="84" border="0" alt="login"></td>

  </tr>

 

      <tr>

    <td> </td>

    </tr>

 

  <tr>

<cfform name="foo" <!--- action="validate.cfm" ---> method="post" onSubmit="return validate()">

 

 

<tr><td width=124></td><td align="left">User name:  <input type="text" name="UserName" maxlength="14" size="12"></td>

     </tr>

   

   <tr><td width=124></td>

    <td align="left">Password:   <input type="Password" name="password" maxlength="14" size="12"></td></tr>

 

<!------ IF MESSAGE EXISTS, DISPLAY ERRORS IN FORM ------->

 

  <CFIF IsDefined("url.message")>

  <CFOUTPUT>

 

  <tr><td> </td>

  <td><img src="images/warning.gif" align="left" width="22" height="22" border="0" alt="">

  <span class="error">#url.message#</span>

  </td></tr>

 

  </CFOUTPUT>

  </CFIF>

   

   

 

    <tr>

    <td>

 

</td>

 

 

<tr>

<td>

 

</td>

</tr>

 

<tr>

<td align="center" colspan=4>

   

    <!--- This is set up now so there can be 2 different Add Buttons. --->

<cfinput type="button" name="submitBtn" onclick="rfqlogin()" value="RFQ Login">

<cfinput type="button" name="submitBtn" onclick="ecologin()" value="ECO Register Login">

 

<!--- These are needed if I want to do something on the next page for a certain section. --->

<cfinput type="hidden" name="rfq_login">

<cfinput type="hidden" name="eco_login">

 

    </cfform>

   

    </td>

   </tr>

 

</table>

 

 

</body>

</html>

 
Replies
  • Currently Being Moderated
    Jul 25, 2012 5:33 PM   in reply to jamie61880

    There are a few ways to accomplish this. I prefer an AJAX approach but for simplicity, add the following somewhere above the username field and add value="#variables.username#" in the cfinput tag for username:

     

    <cfset variables.userName="" />

    <cfif isDefined("cookies.rememberMe")>

         <cfset variables.userName=htmlEditFormat(cookie.rememberMe) />

    </cfif>

    ...

    <cfinput type="text" name="UserName" maxlength="14" size="12" value="#variables.userName#" />

     

    Like I said, I prefer AJAX to populate the UserName field. I encrypt the cookie value that is stored on the client PC and the server page that returns the AJAX response decrypts the value for me.

     

    On a side note, notice my use of htmlEditFormat(). This is to prevent using the cookie for a cross site scripting (XSS) attack. I noticed you output url.message in your template above. This is ripe for a XSS attack. I only noticed because much of my early code used identical code and it weren't pretty when my code encountered a PCI security scanner for the first time several years back.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 26, 2012 9:23 AM   in reply to jamie61880

    jamie61880 wrote:

     

    Steve,

        I tried this code, but it doesn't do anything. I noticed on the If IsDeifined line, you have cookies.rememberMe and on the line below it, you have cookie.rememberMe. Does this matter? I tried putting the 2nd line to cookies.rememberMe, but it still doesn't display the username in the box. What do I have to change?

    It does matter. Change the line <cfif isDefined("cookies.rememberMe")> to <cfif isDefined("cookie.rememberMe")>

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 26, 2012 9:41 AM   in reply to Steve Sommers

    Steve Sommers wrote:

     

    There are a few ways to accomplish this. I prefer an AJAX approach but for simplicity, add the following somewhere above the username field and add value="#variables.username#" in the cfinput tag for username:

     

    <cfset variables.userName="" />

    <cfif isDefined("cookies.rememberMe")>

         <cfset variables.userName=htmlEditFormat(cookie.rememberMe) />

    </cfif>

    ...

    <cfinput type="text" name="UserName" maxlength="14" size="12" value="#variables.userName#" />

    Should this code be running on the form page? The way I see it, the username is only known after the form submits it to the action page, validate.cfm. We could then place the following code, for example, in validate.cfm:

     

    <cfcookie name = "userName" value = "#form.userName#" expires = "1">

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 26, 2012 9:53 AM   in reply to BKBK

    I failed to mention that you need to set the cookie value upon a successful login. You can use CFCOOKIE to do so on the page that displays after login.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 26, 2012 10:12 AM   in reply to jamie61880

    RE: Should username always display?

     

    Yes, provided: the cookie didn't expire, there no page cache fighting going on, the domain remains constant (127.0.0.1 is different than localhost). I think there are other factors. Again, another reason for my preference to AJAX -- but get this working first.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 26, 2012 3:06 PM   in reply to jamie61880

    Jamie61880,

     

    Anyone can understand the need for storing the username in a cookie. However, it is inadvisable to store plain password strings in a cookie. It defeats the very purpose of a password.

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points