3 Replies Latest reply on Jul 9, 2006 4:58 AM by BKBK

    My session is everyones session...

    Level 7
      I am attempting to have a login page using the stock DW/CF login. It seemed
      to work fine, however, when anyone goes the site, they are using my logged
      in account. I am logged into the site for everyone.

      There has to be an problem here somewhere. Also it will not allow me to log
      out.

      --
      Wally Kolcz
      Developer / Support


        • 1. My session is everyones session...
          BKBK Adobe Community Professional & MVP
          You probably used a key login variable in the wrong scope. Typically, Variables or Application in place of Session, Client or Cookie. You cannot be logged into a site for everyone. Coldfusion stores login details in session scope or in cookie scope. Normally, everyone has their own session and/or cookie, and so the sharing of login should not occur.

          Place the link <a href="logout.cfm">log me out</a> on any page from which you might wish to log out. Create the page logout.cfm. It contains just one line of code, namely

          <cflogout>

          Whenever you click on the link Coldfusion will log you out.

          • 2. Re: My session is everyones session...
            Level 7
            Agreed. I used to do this all the time in Classic ASP using a session
            variable. But when my client went to the web site from his remote computer
            the site was already logged in using my username and password. It is
            strange.

            Is there something I am missing in the application page?
            <cfapplication name="ms411" setclientcookies="yes" sessionmanagement="yes"
            sessiontimeout="7">

            or something in the stock DW/CF login:

            <cfif IsDefined("FORM.username")>
            <cfset redirectLoginSuccess="index.cfm">
            <cfset redirectLoginFailed="index.cfm?login=falied">
            <cfquery name="rsUser" datasource="mshop411">
            SELECT username,password,priv FROM ms411.admin WHERE
            username='#FORM.username#' AND password='#FORM.password#'
            </cfquery>
            <!--Service Categories for Search Engine -->
            <cfif rsUser.RecordCount NEQ 0>
            <cftry>
            <cflock scope="Session" timeout="60" type="Exclusive">
            <cfset session.Username=FORM.username>
            <cfset session.UserAuthorization=rsUser.priv[1]>
            </cflock>
            <cfif IsDefined("URL.accessdenied") AND true>
            <cfset redirectLoginSuccess=URL.accessdenied>
            </cfif>
            <cflocation url="#redirectLoginSuccess#" addtoken="no">
            <cfcatch type="Lock">
            <!--- code for handling timeout of cflock --->
            </cfcatch>
            </cftry>
            </cfif>
            <cflocation url="#redirectLoginFailed#" addtoken="no">
            <cfelse>
            <cfset LoginAction=CGI.SCRIPT_NAME>
            <cfif CGI.QUERY_STRING NEQ "">
            <cfset LoginAction=LoginAction & "?" & XMLFormat(CGI.QUERY_STRING)>
            </cfif>
            </cfif>


            • 3. Re: My session is everyones session...
              BKBK Adobe Community Professional & MVP
              Your code authenticates the user, but does not log him in. To do so, you need the cfloginuser tag. That identifies the user to Coldfusion as logged in. It also enables you to apply <cflogout>. This tag would only log a user out, if he was logged in by means of <cfloginuser>.