Cookie login

Report · Jul 25, 2012

Hi,

I was just wondering how to get my text box on my login screen to remember my username when I come back to it? I'm thiking I need some sort of cookie. I want it to be as simple as possible. Below is what is on my login screen now. Does someone know how I can do this? Thanks.

Andy

<html>

<head>

<title>Ironwood Electronics Member Login</title>

function rfqlogin()

{

document.foo.rfq_login.value="yes";

document.foo.eco_login.value="no"

document.foo.action ="validate.cfm";

document.foo.submit();

}

function ecologin()

{

document.foo.eco_login.value="yes";

document.foo.rfq_login.value="no";

document.foo.action ="validate.cfm";

document.foo.submit();

}

</script>

</head>

<body>

--->

<tr>

</tr>

<tr>

</tr>

<tr>

<cfform name="foo"  method="post" onSubmit="return validate()">

</tr>

<td align="left">Password: <input type="Password" name="password" maxlength="14" size="12"></td></tr>

<span class="error">#url.message#</span>

</td></tr>

</CFOUTPUT>

</CFIF>

<tr>

<td>

</td>

<tr>

<td>

</td>

</tr>

<tr>

</cfform>

</td>

</tr>

</table>

</body>

</html>

Report · Jul 25, 2012

There are a few ways to accomplish this. I prefer an AJAX approach but for simplicity, add the following somewhere above the username field and add value="#variables.username#" in the cfinput tag for username:

</cfif>

...

Like I said, I prefer AJAX to populate the UserName field. I encrypt the cookie value that is stored on the client PC and the server page that returns the AJAX response decrypts the value for me.

On a side note, notice my use of htmlEditFormat(). This is to prevent using the cookie for a cross site scripting (XSS) attack. I noticed you output url.message in your template above. This is ripe for a XSS attack. I only noticed because much of my early code used identical code and it weren't pretty when my code encountered a PCI security scanner for the first time several years back.

Report · Jul 26, 2012

Steve,

I tried this code, but it doesn't do anything. I noticed on the If IsDeifined line, you have cookies.rememberMe and on the line below it, you have cookie.rememberMe. Does this matter? I tried putting the 2nd line to cookies.rememberMe, but it still doesn't display the username in the box. What do I have to change? Thanks.

Andy

Report · Jul 26, 2012

jamie61880 wrote:
Steve,
I tried this code, but it doesn't do anything. I noticed on the If IsDeifined line, you have cookies.rememberMe and on the line below it, you have cookie.rememberMe. Does this matter? I tried putting the 2nd line to cookies.rememberMe, but it still doesn't display the username in the box. What do I have to change?

It does matter. Change the line <cfif isDefined("cookies.rememberMe")> to <cfif isDefined("cookie.rememberMe")>

Report · Jul 26, 2012

Steve,

I was also wondering, does it matter how I go back to the login page? I've just been clicking a favorites tab to get back to it. It's not from a link or anything. Shouldn't the username just display in the text box anytime I come back to this log in page as long as I don't erase the cookies?

Andy

Report · Jul 26, 2012

RE: Should username always display?

Yes, provided: the cookie didn't expire, there no page cache fighting going on, the domain remains constant (127.0.0.1 is different than localhost). I think there are other factors. Again, another reason for my preference to AJAX -- but get this working first.

Report · Jul 26, 2012

I found this code to work:

</cfif>

</cfif>

</tr>

<td align="left">Password: <input type="Password" name="password" maxlength="14" size="12" value="#password#"></td></tr>

How can I do this now:

If someone starts typing a different username, clear out password box.

I know this is just an onclick event, but I don't understand how to just clear out the password box. Does anyone know?

Thanks.

Andy

Report · Jul 26, 2012

Jamie61880,

Anyone can understand the need for storing the username in a cookie. However, it is inadvisable to store plain password strings in a cookie. It defeats the very purpose of a password.

Report · Jul 26, 2012

Steve Sommers wrote:
There are a few ways to accomplish this. I prefer an AJAX approach but for simplicity, add the following somewhere above the username field and add value="#variables.username#" in the cfinput tag for username:
<cfset variables.userName="" />
<cfif isDefined("cookies.rememberMe")>
<cfset variables.userName=htmlEditFormat(cookie.rememberMe) />
</cfif>
...
<cfinput type="text" name="UserName" maxlength="14" size="12" value="#variables.userName#" />

Should this code be running on the form page? The way I see it, the username is only known after the form submits it to the action page, validate.cfm. We could then place the following code, for example, in validate.cfm:

Report · Jul 26, 2012

I failed to mention that you need to set the cookie value upon a successful login. You can use CFCOOKIE to do so on the page that displays after login.

Adobe Community

Cookie login