My session is everyones session...

Report · Jul 08, 2006

I am attempting to have a login page using the stock DW/CF login. It seemed
to work fine, however, when anyone goes the site, they are using my logged
in account. I am logged into the site for everyone.

There has to be an problem here somewhere. Also it will not allow me to log
out.

--
Wally Kolcz
Developer / Support

Report · Jul 08, 2006

You probably used a key login variable in the wrong scope. Typically, Variables or Application in place of Session, Client or Cookie. You cannot be logged into a site for everyone. Coldfusion stores login details in session scope or in cookie scope. Normally, everyone has their own session and/or cookie, and so the sharing of login should not occur.

Place the link <a href="logout.cfm">log me out</a> on any page from which you might wish to log out. Create the page logout.cfm. It contains just one line of code, namely

<cflogout>

Whenever you click on the link Coldfusion will log you out.

Report · Jul 08, 2006

Agreed. I used to do this all the time in Classic ASP using a session
variable. But when my client went to the web site from his remote computer
the site was already logged in using my username and password. It is
strange.

Is there something I am missing in the application page?
<cfapplication name="ms411" setclientcookies="yes" sessionmanagement="yes"
sessiontimeout="7">

or something in the stock DW/CF login:

<cfif IsDefined("FORM.username")>
<cfset redirectLoginSuccess="index.cfm">
<cfset redirectLoginFailed="index.cfm?login=falied">
<cfquery name="rsUser" datasource="mshop411">
SELECT username,password,priv FROM ms411.admin WHERE
username='#FORM.username#' AND password='#FORM.password#'
</cfquery>

<cfif rsUser.RecordCount NEQ 0>
<cftry>
<cflock scope="Session" timeout="60" type="Exclusive">
<cfset session.Username=FORM.username>
<cfset session.UserAuthorization=rsUser.priv[1]>
</cflock>
<cfif IsDefined("URL.accessdenied") AND true>
<cfset redirectLoginSuccess=URL.accessdenied>
</cfif>
<cflocation url="#redirectLoginSuccess#" addtoken="no">
<cfcatch type="Lock">

</cfcatch>
</cftry>
</cfif>
<cflocation url="#redirectLoginFailed#" addtoken="no">
<cfelse>
<cfset LoginAction=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
<cfset LoginAction=LoginAction & "?" & XMLFormat(CGI.QUERY_STRING)>
</cfif>
</cfif>

Report · Jul 09, 2006

Your code authenticates the user, but does not log him in. To do so, you need the cfloginuser tag. That identifies the user to Coldfusion as logged in. It also enables you to apply <cflogout>. This tag would only log a user out, if he was logged in by means of <cfloginuser>.

Adobe Community

My session is everyones session...