• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Is it common to use cflogin ?

New Here ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

Hi, I'm using cflogin for my login/logoff actions inside my application.cfm(sample pasted below). There is basically only a few users on this app. I'm new to coldfusion so my questions are:

1. Is this a new common practice to use cflogin?

2. In firefox, every time I login, I see a cookie generated, but in IE, I don't seem to see a cookie being generated so how come it still works in IE, is cookie hidden?

Thanks so much for your help,
C

My sample cflogin code:
<cflogin>
<cfif NOT IsDefined("cflogin")>
<cfinclude template="loginform.cfm"> <cfabort>
<cfelse>
<cfif cflogin.name eq "admin">
<cfset roles = "user,admin">
.......
TOPICS
Advanced techniques

Views

699

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

1. Is this a new common practice to use cflogin?

There where some issues with the early implementations of cflogin, but I
believe they have been patched. Unfortunately, I don't use it much
because most of my user verifications and validation go beyond the
capabilities of cflogin and we use our own system.

2. In firefox, every time I login, I see a cookie generated, but in
IE, I don't seem to see a cookie being generated so how come it still
works in IE, is cookie hidden?

Cookies are created in all browsers or the cfide/cftoken values must be
passed through the URL, otherwise CF doesn't know what requests belong
to what user. These can be "memory" cookies that are not going to
persist beyond the closing of the browser, so they are not written to
files, so maybe IE doesn't show memory cookies. I do not know.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

I have one application where I use cflogin. It works well. My audience is intranet and we don't support Firefox. I use cfcookie to set the cookie.

In my application, I have a logout page. The reason I mention it, is, where you have this:
<cfif NOT IsDefined("cflogin")>
I have this:
<cfif isDefined( "cflogin" ) and not cgi.SCRIPT_NAME contains "logout">

It might be relevent.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

Hi Ian and Dan, thanks so much for answering my question. I'm using cflogin currently, it seems to work well and thanks for telling me your experiences too.

Thanks so much,
C

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

Hi, I have a question regarding expanding my use of cflogin:

1. In the future, I may have to incorporate roles into my login system, I've seen this code before, I was wondering if you had any comments or experiences on this?

2. Dan, in my cflogin code in application.cfm, I don't set any cookie (not knowingly), but it still seems to work, is this a problem in my code that I have to investigate ?

Thanks so much,
C

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

quote:

Originally posted by: coldfuse228
Hi, I have a question regarding expanding my use of cflogin:

2. Dan, in my cflogin code in application.cfm, I don't set any cookie (not knowingly), but it still seems to work, is this a problem in my code that I have to investigate ?
C

As I alluded to earlier, logging people out may be a problem.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

1. In the future, I may have to incorporate roles into my login system,
I've seen this code before, I was wondering if you had any comments or
experiences on this?

Yes it can, then you use the isUserInRole() function to determine get a
boolean of whether the user is in a given role. This is one of the
limitations that prompted us to role our own system. You can ask if a
user is in a given role, but you can not ask, what role(s) is a user in.

2. Dan, in my cflogin code in application.cfm, I don't set any cookie
(not knowingly), but it still seems to work, is this a problem in my
code that I have to investigate ?
CF automatically sets the needed cookies, CFIDE/CFTOKEN usually. You
only need to worry about this if you want to insure that these cookies
are temporary memory cookies that expire that the closing of the
browser. Otherwise they default to being permanent cookies with
temporary values in them.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

Hi Ian,

1. Regarding your response to #1, so that means isUserInRole() can only check if a user is in one particular role. Your own version could do something like isUserInRoles(manager, secretary, admin) ?

2. If a user was an manager, secretary, and admin, I would have to do some sort of loop using isUserInRole to test for it?

Thanks so much,
C

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

1. Regarding your response to #1, so that means isUserInRole() can only
check
if a user is in one particular role. Your own version could do
something like
isUserInRoles(manager, secretary, admin) ?

2. If a user was an manager, secretary, and admin, I would have to do
some
sort of loop using isUserInRole to test for it?

Thanks so much,

Exactly and I can also do something like whatRolesDoesUserHave(). I'm
pretty sure I have a better function name then that, but it describes it
well. For tracking and accountability we like to know exactly what
roles are assigned to the user when they did something, not just that
they had one specific one.

Weird, but that is the way we work.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

Hi Dan, so after your line:
<cfif isDefined( "cflogin" ) and not cgi.SCRIPT_NAME contains "logout">
you would then display the login.cfm page
and you might have:
<cfif isDefined( "cflogin" ) and cgi.SCRIPT_NAME contains "logout">
you would then display the logout page?

So the difference is mainly that on logoff you would display a logoff page ?
Thanks so much Dan for replying back,
C

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Dec 27, 2006 Dec 27, 2006

Copy link to clipboard

Copied

quote:

Originally posted by: coldfuse228
Hi Dan, so after your line:
<cfif isDefined( "cflogin" ) and not cgi.SCRIPT_NAME contains "logout">
you would then display the login.cfm page
and you might have:
<cfif isDefined( "cflogin" ) and cgi.SCRIPT_NAME contains "logout">
you would then display the logout page?

So the difference is mainly that on logoff you would display a logoff page ?
Thanks so much Dan for replying back,
C


Actually, on my logout page, I run whatever cf code is required to log them off, and then cflocate them to our home page.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 29, 2006 Dec 29, 2006

Copy link to clipboard

Copied

LATEST
Hi Dan, thank you for your response. I was wondering about your input about my handling on logoff:

1. application.cfm: I have code:
<cfif IsDefined("Form.logout")><cflogout></cfif>

2. On each page I have this:
<cfif GetAuthUser() NEQ "">
<cfform name="logoutForm" id="logoutForm" action="index.cfm" ... >
<cfinput type="submit" name="Logout" value="Logout" /></cfform>

So when user clicks logoff form is submitted and code in application.cfm kicks in. Do you think this is a good way to logoff or any pitfalls in this?

Thanks so much,
C

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation