This content has been marked as final. Show 3 replies
You probably used a key login variable in the wrong scope. Typically, Variables or Application in place of Session, Client or Cookie. You cannot be logged into a site for everyone. Coldfusion stores login details in session scope or in cookie scope. Normally, everyone has their own session and/or cookie, and so the sharing of login should not occur.
Place the link <a href="logout.cfm">log me out</a> on any page from which you might wish to log out. Create the page logout.cfm. It contains just one line of code, namely
Whenever you click on the link Coldfusion will log you out.
Agreed. I used to do this all the time in Classic ASP using a session
variable. But when my client went to the web site from his remote computer
the site was already logged in using my username and password. It is
Is there something I am missing in the application page?
<cfapplication name="ms411" setclientcookies="yes" sessionmanagement="yes"
or something in the stock DW/CF login:
<cfquery name="rsUser" datasource="mshop411">
SELECT username,password,priv FROM ms411.admin WHERE
username='#FORM.username#' AND password='#FORM.password#'
<!--Service Categories for Search Engine -->
<cfif rsUser.RecordCount NEQ 0>
<cflock scope="Session" timeout="60" type="Exclusive">
<cfif IsDefined("URL.accessdenied") AND true>
<cflocation url="#redirectLoginSuccess#" addtoken="no">
<!--- code for handling timeout of cflock --->
<cflocation url="#redirectLoginFailed#" addtoken="no">
<cfif CGI.QUERY_STRING NEQ "">
<cfset LoginAction=LoginAction & "?" & XMLFormat(CGI.QUERY_STRING)>
Your code authenticates the user, but does not log him in. To do so, you need the cfloginuser tag. That identifies the user to Coldfusion as logged in. It also enables you to apply <cflogout>. This tag would only log a user out, if he was logged in by means of <cfloginuser>.