9 Replies Latest reply: Jul 26, 2012 3:06 PM by BKBK RSS

    Cookie login

    jamie61880 Community Member

      Hi,

          I was just wondering how to get my text box on my login screen to remember my username when I come back to it? I'm thiking I need some sort of cookie. I want it to be as simple as possible. Below is what is on my login screen now. Does someone know how I can do this? Thanks.

      Andy

       

       

      <html>

      <head>

          <title>Ironwood Electronics Member Login</title>

         

      <script type="text/javascript">

       

      function rfqlogin()

      {

      document.foo.rfq_login.value="yes";

      document.foo.eco_login.value="no"

      document.foo.action ="validate.cfm";

      document.foo.submit();

      }

       

       

      function ecologin()

      {

      document.foo.eco_login.value="yes";

      document.foo.rfq_login.value="no";

      document.foo.action ="validate.cfm";

      document.foo.submit();

      }

       

      </script>

       

      </head>

       

      <body>

       

      <link href="styles/admin.css" rel="stylesheet" type="text/css">

       

      --->

       

      <table border="0" cellpadding="0" cellspacing="0" align="center">

       

        <tr>

         <td colspan=4><img src="images/login.jpg" width="389" height="84" border="0" alt="login"></td>

        </tr>

       

            <tr>

          <td> </td>

          </tr>

       

        <tr>

      <cfform name="foo" <!--- action="validate.cfm" ---> method="post" onSubmit="return validate()">

       

       

      <tr><td width=124></td><td align="left">User name:  <input type="text" name="UserName" maxlength="14" size="12"></td>

           </tr>

         

         <tr><td width=124></td>

          <td align="left">Password:   <input type="Password" name="password" maxlength="14" size="12"></td></tr>

       

      <!------ IF MESSAGE EXISTS, DISPLAY ERRORS IN FORM ------->

       

        <CFIF IsDefined("url.message")>

        <CFOUTPUT>

       

        <tr><td> </td>

        <td><img src="images/warning.gif" align="left" width="22" height="22" border="0" alt="">

        <span class="error">#url.message#</span>

        </td></tr>

       

        </CFOUTPUT>

        </CFIF>

         

         

       

          <tr>

          <td>

       

      </td>

       

       

      <tr>

      <td>

       

      </td>

      </tr>

       

      <tr>

      <td align="center" colspan=4>

         

          <!--- This is set up now so there can be 2 different Add Buttons. --->

      <cfinput type="button" name="submitBtn" onclick="rfqlogin()" value="RFQ Login">

      <cfinput type="button" name="submitBtn" onclick="ecologin()" value="ECO Register Login">

       

      <!--- These are needed if I want to do something on the next page for a certain section. --->

      <cfinput type="hidden" name="rfq_login">

      <cfinput type="hidden" name="eco_login">

       

          </cfform>

         

          </td>

         </tr>

       

      </table>

       

       

      </body>

      </html>

        • 1. Re: Cookie login
          Steve Sommers Community Member

          There are a few ways to accomplish this. I prefer an AJAX approach but for simplicity, add the following somewhere above the username field and add value="#variables.username#" in the cfinput tag for username:

           

          <cfset variables.userName="" />

          <cfif isDefined("cookies.rememberMe")>

               <cfset variables.userName=htmlEditFormat(cookie.rememberMe) />

          </cfif>

          ...

          <cfinput type="text" name="UserName" maxlength="14" size="12" value="#variables.userName#" />

           

          Like I said, I prefer AJAX to populate the UserName field. I encrypt the cookie value that is stored on the client PC and the server page that returns the AJAX response decrypts the value for me.

           

          On a side note, notice my use of htmlEditFormat(). This is to prevent using the cookie for a cross site scripting (XSS) attack. I noticed you output url.message in your template above. This is ripe for a XSS attack. I only noticed because much of my early code used identical code and it weren't pretty when my code encountered a PCI security scanner for the first time several years back.

          • 2. Re: Cookie login
            jamie61880 Community Member

            Steve,

                I tried this code, but it doesn't do anything. I noticed on the If IsDeifined line, you have cookies.rememberMe and on the line below it, you have cookie.rememberMe. Does this matter? I tried putting the 2nd line to cookies.rememberMe, but it still doesn't display the username in the box. What do I have to change? Thanks.

             

            Andy

            • 3. Re: Cookie login
              jamie61880 Community Member

              Steve,

                     I was also wondering, does it matter how I go back to the login page? I've just been clicking a favorites tab to get back to it. It's not from a link or anything. Shouldn't the username just display in the text box anytime I come back to this log in page as long as I don't erase the cookies?

               

              Andy

              • 4. Re: Cookie login
                BKBK MVP

                jamie61880 wrote:

                 

                Steve,

                    I tried this code, but it doesn't do anything. I noticed on the If IsDeifined line, you have cookies.rememberMe and on the line below it, you have cookie.rememberMe. Does this matter? I tried putting the 2nd line to cookies.rememberMe, but it still doesn't display the username in the box. What do I have to change?

                It does matter. Change the line <cfif isDefined("cookies.rememberMe")> to <cfif isDefined("cookie.rememberMe")>

                • 5. Re: Cookie login
                  BKBK MVP

                  Steve Sommers wrote:

                   

                  There are a few ways to accomplish this. I prefer an AJAX approach but for simplicity, add the following somewhere above the username field and add value="#variables.username#" in the cfinput tag for username:

                   

                  <cfset variables.userName="" />

                  <cfif isDefined("cookies.rememberMe")>

                       <cfset variables.userName=htmlEditFormat(cookie.rememberMe) />

                  </cfif>

                  ...

                  <cfinput type="text" name="UserName" maxlength="14" size="12" value="#variables.userName#" />

                  Should this code be running on the form page? The way I see it, the username is only known after the form submits it to the action page, validate.cfm. We could then place the following code, for example, in validate.cfm:

                   

                  <cfcookie name = "userName" value = "#form.userName#" expires = "1">

                  • 6. Re: Cookie login
                    Steve Sommers Community Member

                    I failed to mention that you need to set the cookie value upon a successful login. You can use CFCOOKIE to do so on the page that displays after login.

                    • 7. Re: Cookie login
                      Steve Sommers Community Member

                      RE: Should username always display?

                       

                      Yes, provided: the cookie didn't expire, there no page cache fighting going on, the domain remains constant (127.0.0.1 is different than localhost). I think there are other factors. Again, another reason for my preference to AJAX -- but get this working first.

                      • 8. Re: Cookie login
                        jamie61880 Community Member

                        I found this code to work:

                         

                        <cfif IsDefined("cookie.UserName")>

                            <cfset UserName = cookie.UserName>

                        <cfelse>

                            <cfset UserName = "">

                        </cfif>

                         

                        <cfif IsDefined("cookie.password")>

                            <cfset password = cookie.password>

                        <cfelse>

                           <cfset password = "">

                        </cfif>

                         

                        <tr><td width=124></td><td align="left">User name:  <input type="text" name="UserName" maxlength="14" size="12" value="#UserName#"></td>

                             </tr>

                           

                           <tr><td width=124></td>

                            <td align="left">Password:   <input type="Password" name="password" maxlength="14" size="12" value="#password#"></td></tr>

                         

                         

                        How can I do this now:

                         

                        If someone starts typing a different username, clear out password box.

                         

                        I know this is just an onclick event, but I don't understand how to just clear out the password box. Does anyone know?

                         

                        Thanks.

                        Andy

                        • 9. Re: Cookie login
                          BKBK MVP

                          Jamie61880,

                           

                          Anyone can understand the need for storing the username in a cookie. However, it is inadvisable to store plain password strings in a cookie. It defeats the very purpose of a password.