10.15.2004 at 08:16AM PDT, ID: 21169944
ColdFusion Authentication Cache Problem After Browser Closes

Asked by sphay in ColdFusion Application Server, ColdFusion Studio

I'm having this problem with my browser caching login information, even after the browser is closed and reopened. I have checked the box to use J2EE sessions (a setting in CF Admin) so I thought that should take care of the problem, but it has not. Also, I've waited until the session timeout period is over inside the CFAPPLICATION tag (5 minutes) (with all browsers closed) and it is still cached. It does lose it when the session timeout period is over from CF ADMIN (20 min). However, I thought the sessiontimeout period in the tag overrides the timeout period in ColdFusion Administrator? Please help!

Scenario: I am authenticating users using their Oracle username and password. I also have a form that allows them to change their password. I am able to successfully change my password. I close my browser. Then I try to log in and I am able to use my username and BOTH passwords work (original and new). Where is this being cached? If you look at my logout code below, you'll see I've tried to delete every session variable.

Please be kind, I've tried many suggestions and can't get it to work.

ColdFusion MX (using standalone on pc for development right now, will move to CFMX on IIS in a couple months)
Windows 2000
Internet Explorer 6

I have tried to use the CFLOGIN framework but that doesn't work either.  

The four primary pages are listed here.  Note: all code is attached for each page.

1.  application.cfm
2.  loginform.cfm
3.  logincheck.cfm
4.  logout.cfm

application.cfm
_______________________________________________________

<!--- Set application to no-cache allowed --->
<cfheader name="Expires" value="-1">
<cfheader name="Pragma" value="no-cache">
<cfheader name="cache-control" value="no-cache, no-store, must-revalidate">

<!--- Name the application, enable application variables --->
<CFAPPLICATION Name="Main"
      applicationtimeout="#createtimespan(0,0,5,0)#"
      sessiontimeout="#createtimespan(0,0,5,0)#"
      clientmanagement="no"
      sessionmanagement="yes"
      setclientcookies="yes">
      
<cfsetting showDebugOutput="Yes">
<cfset Main_DataSource = "prod" >

<cfif not isdefined("session.auth.isloggedin")>
<cfif isdefined("form.userlogin")>
<cfinclude template="logincheck.cfm">
</cfif>
<cfinclude template="loginform.cfm">
<cfabort>
</cfif>
__________________________________________________
loginform.cfm:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Login Form</title>
</head>

<!--- Place cursor in "User Name" field when page loads --->
<body onLoad="document.UserLoginForm.UserLogin.focus();">
<h1>Login form</h1>
<!--- Start Login Form --->
<cfform action="#CGI.SCRIPT_NAME#" name="UserLoginForm" method="post">
<!--- make the username and password fields required --->
<p>
  <input type="hidden" name="UserLogin_required">
  <input type="hidden" name="UserPassword_required">
 
</p>
<p>Please enter your username and password to access your account. </p>
<table width="600" border="0">
  <tr>
    <td width="328" height="146"><table width="100%" border="0" background="../../gifs/loginbox.gif">
        <tr>
          <td height="142" valign="top"><br>
            <table width="283" border="0">
              <tr>
                <td width="119"><div align="right">User Name</div></td>
                <td width="154"><cfinput
      type="text"
      name="UserLogin"
      value=""
      maxlength="100"
      required="Yes"
      message="Please type your username first"></td>
              </tr>
              <tr>
                <td><div align="right">Password</div></td>
                <td><cfinput
      type="Password"
      name="UserPassword"
      value=""
      maxlength="100"
      required="Yes"
      message="Please type your password"></td>
              </tr>
          </table>
            <div align="center"><br>
                <input type="submit" value="Log In">
            </div></td>
        </tr>
    </table></td>
    <td width="262" valign="top"><br>
      <ul><li>forgot your password?</li>
      <li>new account</li>
      </ul></td></tr>
</table>
<p>&nbsp;</p>
</cfform>
</body>
</html>
________________________________________________
Logincheck.cfm:

<!--- <cfparam name="form.userlogin" type="string">
<cfparam name="form.userpassword" type="string">--->

<cfquery name="GetUser" datasource="#Main_Datasource#" username="#Form.userlogin#" password="#Form.userpassword#">
Select sysdate
From dual
</cfquery>

<!--- If the GetUser query is processed, Oracle username and password are correct --->
<CFIF GetUser.RecordCount EQ 1>

<cfquery name="EnableRoles" datasource="#Main_Datasource#" username="#Form.UserLogin#" password="#Form.UserPassword#">
Set Role All
</cfquery>

<cfquery name="GetUserRoles" datasource="#Main_Datasource#" username="#Form.UserLogin#" password="#Form.UserPassword#">
Select Granted_Role
From USER_ROLE_PRIVS
</cfquery>

<!--- Retrieve employee id number that matches to user login name, used to set emp_id session variable below --->
<cfquery name="GetUserID" datasource="#Main_Datasource#" username="#Form.UserLogin#" password="#Form.UserPassword#">
Select userid, emp_id, system_id
From employee_accounts
Where system_id = 'ORACLE' AND
<!--- Bind the login name as a parameter instead of interpolating form input into the SQL --->
userid = <cfqueryparam value="#UCase(FORM.UserLogin)#" cfsqltype="cf_sql_varchar">
</cfquery>

<!--- Consider the user "logged in" --->
<cflock scope="session" type="Exclusive" timeout="20">
<cfset session.auth = structnew()>
<cfset session.auth.isloggedin = "yes">
<cfset session.auth.userlogin = "#GetUserID.userid#">
<cfset session.auth.userpassword = "#Form.UserPassword#">
<cfset session.auth.emp_id = "#GetUserID.emp_id#">
<cfset session.auth.roles = "#ValueList(GetUserRoles.Granted_Role)#">
<cfset session.auth.cfid = "#Cookie.CFID#">
<cfset session.auth.cftoken = "#Cookie.CFTOKEN#">
</cflock>

<cflocation url="#cgi.SCRIPT_NAME#">

</cfif>
_________________________________________________
Logout.cfm:

<!--- Disable roles for current session only--->

<cfquery name="DisableRoles" datasource="#Main_Datasource#" username="#Session.auth.UserLogin#" password="#Session.auth.UserPassword#">
Set Role None
</cfquery>

<cflogout>
<cfif IsDefined("COOKIE.CFAUTHORIZATION_Main")>
<CFCOOKIE name="CFAUTHORIZATION_Main" EXPIRES="NOW">
</cfif>
<cfif IsDefined("COOKIE.CFID")>
<CFCOOKIE name="CFID" EXPIRES="NOW">
</cfif>
<cfif IsDefined("COOKIE.CFTOKEN")>
<CFCOOKIE name="CFTOKEN" EXPIRES="NOW">
</cfif>

<cfset session.auth.UserLogin = "">
<cfset session.auth.UserPassword = "">

<!--- Terminate the user's session by deleting all session variables --->

<cflock timeout=20 scope="Session" type="Exclusive">
      <CFSCRIPT>StructClear(Session.Auth);</CFSCRIPT>
      <cfset StructDelete(session.auth, "isloggedin")>
      <cfset StructDelete(session.auth, "CFID")>
      <cfset StructDelete(session.auth, "CFTOKEN")>
      <cfset StructDelete(session.auth, "UserLogin")>
      <cfset StructDelete(session.auth, "UserPassword")>
      <cfset StructDelete(session.auth, "emp_id")>
      <cfset StructDelete(session, "CFID")>
      <cfset StructDelete(session, "CFTOKEN")>
      <cfset StructDelete(session, "URLToken")>
      <cfset StructDelete(session, "SessionID")>
</cflock>

<CFAPPLICATION Name="AIS_Main"
      applicationtimeout="#createtimespan(0,0,0,0)#"
      sessiontimeout="#createtimespan(0,0,0,0)#"
      clientmanagement="no"
      sessionmanagement="yes"
      setclientcookies="yes">
      
<cflocation url="/test/index.htm">

___________________________________________________





About this solution

Zones: ColdFusion Application Server, ColdFusion Studio
Tags: coldfusion
Solution Provided By: ee_ai_construct
Participating Experts: 3
Solution Grade: B
 
 
 