[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 226
  • Last Modified:

Force logon

How do I force users to logon before go further to other web pages ?
currently, I found that if users know the name of other web documents e.g.


Then users can directly type the above url and by pass the logon page e.g.
  • 3
  • 3
1 Solution
You did a login page? Once the user log on your login page what happen? you check if user and password match you have in the database, then you set session variable ?

Anyway, that's what you should do, set session variable (which will be available through all your website)

exemple :

<!--- once the user log on --->
<CFSET Session.memberid="#memberid#">
<CFSET Session.accesslevel="#accesslevel#">            
<CFSET Session.nick="#nick#">      

Once your session variable are set, put some code at the begining of each page that need to be logged to access them, that code need to check if the user was logged, be verifing if the session variable exist, if they doesn't existe, you can simply give a message that the user need to be logged, or if you want to make it a level deeper, you can use access level as i did in the following exemple.  Accesslevel is a field taken from the database, that i also set as a session variable and check it in every pages, depending on the page, the user will need a certain accesslevel to be able to see the page. if it's lower than the required access level i don't let him go furter. i hope this help, if you need more info ask i'll help out.

<CFIF NOT IsDefined("session.memberid")>
     <CFINCLUDE TEMPLATE="common/loginrequired.cfm">
     <CFIF session.accesslevel less than 6>
          <CFINCLUDE TEMPLATE="common/accessdenied.cfm">
adrianmakAuthor Commented:
Do the Cold Fusion Security can be integrated with NT server user account ?
That's mean I can use NT user account for security check instead of build another database to serve this purpose
mmmm.. i don't see how you could link the NT user account with
ColdFusion. my answer will be "I don't know" but i doubt it's possible... you may want to look around to find if it is possible.
Maybe on Allaire's board can you get that information.
[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

>>Do the Cold Fusion Security can be integrated with NT server user account ?<<

The last place I worked we used a tag called NTUSERLOGON to do just that. Try a search for it on Allaire's site. I think that's where we got it.
Oh and, you don't have to put the login verification at the top of every page. Just put it in the application.cfm page of the login directory. Application.cfm is automatically included in every page that is called from it's directory.
hehe Punker is right, unless you use access level that can be differente for every page =)
In which case, surround your CFML in an if statement, like so:

<cfif Session.SecLevel GTE "2">
This is the page.
<script language="javascript">
alert("You aren't allowed to view this page!");

For cleaner code, you can keep all this in the application.cfm file. For example, the Login directory would allow people of security level 1 and above to view all pages, in Login/Reports/ the application.cfm would allow security levels 2 and higher, Login/Admin/ security levels 3 and higher, etc.

I've done it both ways, depending on the scope of the project. It's all in how you want to do it.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now