Solved

CFLocation Tag

Posted on 2000-04-27
13
438 Views
Last Modified: 2013-12-24
I am try to use the CFLocation tag to redirect the user to a logon page.  However, when I use the following coed, the browser just runs away and does not come back.

<CFLOCATION url="logon.cfm" addtoken="no">
0
Comment
Question by:RobotMan
  • 4
  • 3
  • 2
  • +3
13 Comments
 
LVL 5

Expert Comment

by:nathans
ID: 2758952
What do you mean it runs away and does not come back...

We need more information...

1. Is this in the application.cfm file?

If so then you need to make it where when it goes to the logon.cfm files it does a test to see if the file is logon.cfm or not.


2. Is the logon.cfm file in the current directory?
0
 

Expert Comment

by:agunner
ID: 2759131
Hi RobotMan,

Do you mean that it seems to go into an endless loop with your status bar flickering through files?  

Try using a cfinclude:

<cfinclude template="login.cfm">

Hope this helps,

AL
0
 

Expert Comment

by:agunner
ID: 2759140
opps..typo

I mean <cfinclude template="logon.cfm>
0
 
LVL 3

Expert Comment

by:dapperry
ID: 2759264
Sometimes CFLOCATION is a problem becuase the entire page that calls it doesn't load.   Better to use:

<script language="javascript">
   location.replace("logon.cfm");
</script>

:) dapperry
0
 
LVL 3

Expert Comment

by:dapperry
ID: 2759279
Or , if you want to keep the page in history do something like this:

<body onLoad="document.form1.submit()">
<form name="form1" action="logon.cfm">
</form>
</body>

:) dapperry
0
 

Author Comment

by:RobotMan
ID: 2760944
 What I mean by "just runs away" is that the browser turns white, the hour glass "busy" comes on and the browser never shows anything.  And yes, logon.cfm is in the same directory.
  I tried AGunner's suggestion and got the following error:

Template file not found.
HTTP/1.0 404 Object Not Found
The error occurred while processing an element with a general identifier of (CFINCLUDE), occupying document position (1:1) to (1:32).

  If it will help, this is how I am using the code:

<CFAPPLICATION name="SecureApp" clientmanagement="yes" sessionmanagement="yes" setclientcookies="yes">
<CFIF NOT IsDefined("Client.LoggedIn")>
      <CFSET Client.LoggedIn=FALSE>
</CFIF>
<CFIF Client.LoggedIn = FALSE>
        <CFLOCATION url="logon.cfm" addtoken="NO">
</CFIF>
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 2

Expert Comment

by:dlewis9
ID: 2760977
Try what nathans suggested..test inside application.cfm to make sure you're not on the logon.cfm page..if you are, don't execute the code or it will keep looping like you described..

You will probably use the CGI.SCRIPT_NAME variable to get what page you are on.

Give him the points if that works :)
0
 

Author Comment

by:RobotMan
ID: 2766828
I do not have the code on my logon page...  What do I need to test for???
0
 
LVL 2

Expert Comment

by:dlewis9
ID: 2767846
application.cfm runs at the start of every Cold Fusion page you load.. (if one exists in the same directory or above)

So if logon.cfm and application.cfm are in the same directory, you'll need to do something like this in the application.cfm to skip processing when on the logon page:

<CFAPPLICATION name="SecureApp" clientmanagement="yes" sessionmanagement="yes" setclientcookies="yes">
<CFIF CGI.SCRIPT_NAME DOES NOT CONTAIN "logon.cfm">
<CFIF NOT IsDefined("Client.LoggedIn")>
<CFSET Client.LoggedIn=FALSE>
</CFIF>
<CFIF Client.LoggedIn = FALSE>
        <CFLOCATION url="logon.cfm" addtoken="NO">
</CFIF>
</CFIF>

you might want to use "IS NOT" instead of "DOES NOT CONTAIN"..but check and see exactly what is in CGI.SCRIPT_NAME so that you can do an exact comparison.  (CGI.SCRIPT_NAME is a built in server variable)

0
 

Author Comment

by:RobotMan
ID: 2770340
Adjusted points from 10 to 15
0
 

Author Comment

by:RobotMan
ID: 2770342
Okay,  I have inserted the following code into all the pages in my project:

<CFAPPLICATION name="SecureApp" clientmanagement="yes" sessionmanagement="yes" setclientcookies="yes">

<CFIF NOT IsDefined("Client.LoggedIn")>
      <CFSET Client.LoggedIn = FALSE>
</CFIF>
<CFIF Client.LoggedIn EQ FALSE>
      <CFIF CGI.SCRIPT_NAME DOES NOT CONTAIN "logon.cfm">
        <CFLOCATION url="logon.cfm" addtoken="NO">
      </CFIF>
</CFIF>

This seems to be working.  I use the following code on the login page after I have evaluated whether or not the user has supplied the correct information:

<CFSET Client.IDNum = #IDNum#>
<CFSET Client.LoggedIn = TRUE>

I also want to be able to allow the user to log off.  I have attempted doing this by using on onClick event driven button to open a new window with the following code in it:

<CFAPPLICATION name="SecureApp" clientmanagement="yes" sessionmanagement="yes" setclientcookies="yes">

<CFIF NOT IsDefined("Client.LoggedIn")>
      <CFSET Client.LoggedIn = FALSE>
</CFIF>
<CFIF Client.LoggedIn EQ FALSE>
      <CFIF CGI.SCRIPT_NAME DOES NOT CONTAIN "logon.cfm">
        <CFLOCATION url="logon.cfm" addtoken="NO">
      </CFIF>
</CFIF>

<html>
<head><title>Log Off</title></head>
<script LANGUAGE=JAVASCRIPT>
function Refresh()
    {
      opener.location.reload(true);
      window.close();
    }
</script>
<body bgcolor="#003163">

<!-- Here is where I reset the Client variables -->
<CFOUTPUT>
    <CFSET Client.LoggedIn=FALSE>
    <CFSET Clint.IDNum = 0>
</CFOUTPUT>

<center>
<a href="">
<img border="0" src="images/LogOff.gif" onClick="Refresh();">                  
</a>
</center>
</body>
</html>

Yet, this does not seem to work.  In fact, I am having a hard time in general getting the variables to be reset.  Can the values not be set across windows?  If not, then what would you suggest one do to allow a user to log off by pressing a button or closing the window?  Is there a way, as with cookies, that these variables can be set to expire?  Can I use javascript to reassign the variables, or does the work need to be done server side?
0
 
LVL 2

Expert Comment

by:dlewis9
ID: 2774337
I tried out your code and it seems to work fine (after one correction..see below)  The code to reset the variables is correct.

It is a little interesting how you are using the javascript, but i see what it does..the code actually logs them off before the image is clicked, however.

Let me know a little more about what it's doing wrong if you can..

Some comments:

1) Client is misspelled in the logoff page above..I had to correct that to get it work.  Did you overlook that perhaps?

2) The code for checking to see if they've logged in or not can and should eventually be kept in the application.cfm page so that you don't have to put it on every page.  application.cfm runs automatically before every page if it exists in the same directory or above.
0
 
LVL 9

Accepted Solution

by:
Dain_Anderson earned 15 total points
ID: 2793754
Here is a way you can try the application.cfm, logon.cfm, and logout.cfm files:

APPLICATION.CFM File:

<CFAPPLICATION
    NAME="SecureApp"
    CLIENTMANAGEMENT="yes"
    SESSIONMANAGEMENT="yes"
    SETCLIENTCOOKIES="yes">

<CFIF NOT ISDEFINED("Client.LoggedIn")>
    <CFSET CLIENT.LOGGEDIN = FALSE>
</CFIF>

<CFIF CLIENT.LOGGEDIN EQ FALSE>
    <CFSET LOGON = "">
</CFIF>

<CFIF ISDEFINED("logon")>
    <CFSET PATH=GETDIRECTORYFROMPATH(CGI.CF_TEMPLATE_PATH)>
        <CFIF (CGI.CF_TEMPLATE_PATH IS NOT "#path#logon.cfm")>
            <CFINCLUDE TEMPLATE="logon.cfm">
            <CFABORT>
        </CFIF>
</CFIF>    

Logon File:
...if login is true...
<CFSET CLIENT.IDNUM = #IDNUM#>
<CFSET CLIENT.LOGGEDIN = TRUE>


Logout File:
<!--- Loop and delete the client variables --->
<CFLOOP INDEX="x" LIST="#GetClientVariablesList()#">
    <CFSET DELETED = DELETECLIENTVARIABLE("#x#")>
</CFLOOP>

<!--- Kill the built-in client variables --->
<CFCOOKIE NAME="cfid" EXPIRES="NOW">
<CFCOOKIE NAME="cftoken" EXPIRES="NOW">
<CFCOOKIE NAME="cfglobals" EXPIRES="NOW">

<!---Clear the application and session information --->
<CFSET STRUCTCLEAR(SESSION)>
<CFSET STRUCTCLEAR(APPLICATION)>


Hope that helps.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now