Solved

Application.cfm and Using Sessions

Posted on 2001-08-15
12
173 Views
Last Modified: 2013-12-24
I hope someone who has gone through this may be able to bail me out. I spent the better part of the day trying to work out this simple application. I'm working basically on a login application that uses sessions. It will hold on to the users info as they access other applications (from a menu inside) and time out after a set period of time of no activity in which they will be thrown back to the login page with a 'Your session has ended' message.

Now my intention with this application is to have the GLOBAL.CFM file run before every page that comes up to check if the user is logged in, and if they are not logged in to send them back to the login page stating You Are No Longer Logged In, Or Your Session Expired!

Once a user has successfully logged in, I don't have anything specific setup on the internal pages to check the status if a user is logged in or not, I'm assuming it can all be done with the global.cfm file. AM I CORRECT?

Below I have enclosed my APPLICATION.CFM, GLOBAL.CFM, LOGIN.CFM, and ACTION_LOGIN.CFM templates for your review.

Also, if you would like to see what the application is currently doing to me, I have it set up for testing at: http://www.parksrun.com/logintest/login.cfm just use "admin" as a username and password.

See what its doing? Can't differentiate between being logged in or not, my guess is my GLOBAL.CFM is scripted incorrectly.



[THIS IS MY APPLICATION.CFM FILE]

<!--- Set this thing up so it knows its app name and management state. --->


<CFAPPLICATION NAME="LOGINTHING"
CLIENTMANAGEMENT="Yes"
SESSIONMANAGEMENT="Yes"
SETCLIENTCOOKIES="Yes"
SESSIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#"
APPLICATIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#">



<!-- Set application constants. -->

<CFSET UserDSN="AutoLogger">


<!-- This template is run before every page to make sure user is logged in. -->

<CFINCLUDE TEMPLATE="global.cfm">








[THIS IS MY GLOBAL.CFM FILE]



<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">



<!---If user is not logged in, they are sent back to login screen--->
<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>
<CFINCLUDE TEMPLATE = "login.cfm">

</CFIF>




[THIS IS MY LOGIN.CFM FILE]

<CFPARAM NAME="SESSION.username" DEFAULT="">
<CFPARAM NAME="SESSION.password" DEFAULT="">
<CFPARAM NAME="SESSION.firstname" DEFAULT="">
<CFPARAM NAME="SESSION.lastname" DEFAULT="">
<CFPARAM NAME="SESSION.loggedin" DEFAULT="NO">


<html>
<head>
<title>LOGIN PAGE</title>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
</head>
<body>
<CFOUTPUT>
<FORM ACTION="action_login.cfm" method="post">
<TABLE WIDTH="400" BORDER="0" CELLSPACING="2" CELLPADDING="2" ALIGN="CENTER">
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Username:</TD>
<TD WIDTH="286">
<INPUT TYPE="text" NAME="USERNAME" VALUE="#SESSION.username#">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Password:</TD>
<TD WIDTH="286">
<INPUT TYPE="password" NAME="PASSWORD">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">&nbsp;</TD>
<TD WIDTH="286">
<INPUT TYPE="submit" NAME="LoginSubmit" VALUE="Login">
</TD>
</TR>
</TABLE>

<CFIF SESSION.firstname is not "">
<P ALIGN="CENTER">Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.</P>
</CFIF>

</FORM>
</CFOUTPUT>
</body>
</html>








[THIS IS MY ACTION_LOGIN.CFM FILE]



<CFIF IsDefined("form.username")>
<CFQUERY NAME="CHECK" DATASOURCE="XXXXX">
select *
from userinfo
where USERNAME = '#form.username#'
AND
PASSWORD = '#form.password#'
</CFQUERY>



<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET #SESSION.username# = #CHECK.username#>
<CFSET #SESSION.password# = #CHECK.password#>
<CFSET #SESSION.firstname# = #CHECK.firstname#>
<CFSET #SESSION.lastname# = #CHECK.lastname#>
<CFSET #SESSION.LOGGEDIN# = "YES">
</CFIF>


<CFIF CHECK.RECORDCOUNT EQ 0>
<P ALIGN="center">Your Username or Password Were Not Found! Please Try Again.</P>
<CFINCLUDE TEMPLATE="login.cfm">
<CFABORT>
</CFIF>







<html>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
<head>
<title>Welcome!</title>
</head>
<body>

Your current settings are:
<UL>
<CFLOOP INDEX="var" LIST=#GetClientVariablesList()#>
<CFOUTPUT>
<LI>#var# = #Evaluate(var)#
</CFOUTPUT>
</CFLOOP>
</UL>



















<br>
<CFOUTPUT>
You have hit us #CLIENT.HitCount# times<br>
You last visited on #CLIENT.lastvisit#<br>
Your account was created on #CLIENT.Timecreated#<br>
</CFOUTPUT>
<br>




<P>Your Session Information:</P>

<br>
<CFOUTPUT>

#SESSION.username# <Br>
#SESSION.password# <Br>
#SESSION.firstname# <Br>
#SESSION.lastname# <Br>
#SESSION.LOGGEDIN# <Br><Br>





</CFOUTPUT>











<CFOUTPUT>#URLToken#

<P><A HREF="page1.cfm">Page1</A></P>
<P><A HREF="page2.cfm">Page2</A></P>
<P><A HREF="page3.cfm">Page3</A></P>

</CFOUTPUT>

<P><P><P ALIGN="CENTER"><CFOUTPUT>Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.</CFOUTPUT></P></P></P>

</body>
</html>

<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
</CFIF>
0
Comment
Question by:gpim
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 1

Expert Comment

by:_X_
ID: 6390680
In global.cfm, change:

<CFINCLUDE TEMPLATE = "login.cfm">

to:

<cfif ListLast(script_name,"/") Does not contain "login.cfm" and ListLast(script_name,"/") Does not contain "action_login.cfm">
<CFINCLUDE TEMPLATE = "login.cfm">
</cfif>

See if that helps
0
 

Author Comment

by:gpim
ID: 6390841
wow, that looks awefully complicated for a novice CF programmer such as myself.. But I'll give it a shot!!
0
 

Author Comment

by:gpim
ID: 6390862
Well, I'm still having a problem :-(

I put it in a different directory to test it out:

http://www.parksrun.com/logintest2/login.cfm

Run through it and see what its doing (username & password: admin)




The global.cfm file looks like so:




<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">



<!---If user is not logged in, they are sent back to login screen--->
<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>

<cfif ListLast(script_name,"/") Does not contain "login.cfm" and ListLast(script_name,"/") Does not
contain "action_login.cfm">
<CFINCLUDE TEMPLATE = "login.cfm">
</cfif>


</CFIF>

0
 
LVL 1

Expert Comment

by:_X_
ID: 6390936
ahh, okay.

Put this text:
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>

in the cfif as well. So it'll look like:

<cfif ListLast(script_name,"/") Does not contain "login.cfm" and ListLast(script_name,"/") Does not
contain "action_login.cfm">
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>
contain "action_login.cfm">
<CFINCLUDE TEMPLATE = "login.cfm">
</cfif>
0
 
LVL 14

Expert Comment

by:SBennett
ID: 6391035
In ACTION_LOGIN.CFM,

change this:

<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET #SESSION.username# = #CHECK.username#>
<CFSET #SESSION.password# = #CHECK.password#>
<CFSET #SESSION.firstname# = #CHECK.firstname#>
<CFSET #SESSION.lastname# = #CHECK.lastname#>
<CFSET #SESSION.LOGGEDIN# = "YES">
</CFIF>


to this:


<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET SESSION.username = "#CHECK.username#">
<CFSET SESSION.password = "#CHECK.password#">
<CFSET SESSION.firstname = "#CHECK.firstname#">
<CFSET SESSION.lastname = "#CHECK.lastname#">
<CFSET SESSION.LOGGEDIN = "YES">
</CFIF>





The reason your variables aren't being set is because you are evaluating the session variable to the left of the operator "=" on the <cfset> tags.

-Scott
0
 
LVL 14

Expert Comment

by:SBennett
ID: 6391061
Well I guess it really doesn't stop the variable from being set since I just tried it your way and it actuall does work. But it is no neccessary to put #'s around a variable in a cf tag unless it is within quotes.

-Scott
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 2

Expert Comment

by:sshhz
ID: 6391164

I agreed with Scott .... using cfset, you don't use #'s around a variable unless you want to dealing with custom tag, that you wish to return back the value by quoting #'s around in a variable it return the changes of value to you.

sshhz
0
 

Author Comment

by:gpim
ID: 6391282
I edited that line, and even did try it the way Scott mentioned but Im still getting the same issue.

Maybe something in a different page/template?

same thing:
http://www.parksrun.com/logintest2/login.cfm

Thanks for your help...
0
 

Author Comment

by:gpim
ID: 6393692
Guys, maybe you can help me finish this? I had another person try to help (on another message board) and it seems I'm closer then ever now to getting this to work:

Looks like this is ALMOST working perfectly now. I did have TO ADD TO the section in global.cfm FILE SO  ITthat checks to see if there is a match for the username and password and if there is not, it tells the user their username or password were not found.

The only other outstanding issue is when you first go to the login screen, it already is telling you:

"You Are Not Logged In, Or Your Session Expired!"

I have moved the files over to:
http://www.parksrun.com/logintest3/login.cfm

Go there and you'll see. I tried setting a variable, and then having it check to see if its the login screen, but I believe I did it incorrectly. Any suggestions on how to make the login screen, upon first display, not tell someone "You Are Not Logged In, Or Your Session Expired!".


Here is how the code is looking thus far, feel free to point out any suggestions:



[APPLICATION.CFM]

<!--- Set this thing up so it knows its app name and management state. --->


<CFAPPLICATION NAME="LOGINTHING"
CLIENTMANAGEMENT="Yes"
SESSIONMANAGEMENT="Yes"
SETCLIENTCOOKIES="Yes"
SESSIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#"
APPLICATIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#">



<!-- Set application constants. -->

<CFSET UserDSN="AutoLogger">


<!-- This template is run before every page to make sure user is logged in. -->

<CFINCLUDE TEMPLATE="global.cfm">














[LOGIN.CFM]

<CFPARAM NAME="SESSION.username" DEFAULT="">
<CFPARAM NAME="SESSION.password" DEFAULT="">
<CFPARAM NAME="SESSION.firstname" DEFAULT="">
<CFPARAM NAME="SESSION.lastname" DEFAULT="">
<CFPARAM NAME="SESSION.loggedin" DEFAULT="NO">







<html>
<head>
<title>LOGIN PAGE</title>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
</head>
<body>
<CFOUTPUT>
<FORM ACTION="action_login.cfm" method="post">
<TABLE WIDTH="400" BORDER="0" CELLSPACING="2" CELLPADDING="2" ALIGN="CENTER">
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Username:</TD>
<TD WIDTH="286">
<INPUT TYPE="text" NAME="USERNAME" VALUE="#SESSION.username#">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Password:</TD>
<TD WIDTH="286">
<INPUT TYPE="password" NAME="PASSWORD">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">&nbsp;</TD>
<TD WIDTH="286">
<INPUT TYPE="submit" NAME="bLogin" VALUE="Login">
</TD>
</TR>
</TABLE>

<CFIF SESSION.firstname is not "">
<P ALIGN="CENTER">
Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.
</P>
</CFIF>

</FORM>

</CFOUTPUT>
</body>
</html>




[GLOBAL.CFM]

<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">





<CFIF IsDefined("bLogin")>

<!--- From action_login.cfm --->
<CFQUERY NAME="CHECK" DATASOURCE="#Userdsn#">
select * from userinfo
where USERNAME = '#form.username#'
AND
PASSWORD = '#form.password#'
</CFQUERY>

<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET #SESSION.username# = #CHECK.username#>
<CFSET #SESSION.password# = #CHECK.password#>
<CFSET #SESSION.firstname# = #CHECK.firstname#>
<CFSET #SESSION.lastname# = #CHECK.lastname#>
<CFSET #SESSION.LOGGEDIN# = "YES">
<CFELSE>

<!--- New, ensures that if they try to log in a second time with bad credentials they are rejected --->
<CFSET #SESSION.LOGGEDIN# = "NO">



<CFIF CHECK.RECORDCOUNT EQ 0>
<P ALIGN="center">Wrong Username or Password!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
<CFABORT>
</CFIF>

</CFIF>
</CFIF>

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">

<!---If user is not logged in, they are sent back to login screen--->
<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are Not Logged In, Or Your Session Expired!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
<CFABORT>
</CFIF>




[ACTION_LOGIN.CFM]



<html>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
<head>
<title>Welcome!</title>
</head>
<body>


Your current settings are:
<UL>
<CFLOOP INDEX="var" LIST=#GetClientVariablesList()#>
<CFOUTPUT>
<LI>#var# = #Evaluate(var)#
</CFOUTPUT>
</CFLOOP>
</UL>






<br>
<CFOUTPUT>
You have hit us #CLIENT.HitCount# times<br>
You last visited on #CLIENT.lastvisit#<br>
Your account was created on #CLIENT.Timecreated#<br>
</CFOUTPUT>
<br>




<P>Your Session Information:</P>

<br>
<CFOUTPUT>

#SESSION.username# <Br>
#SESSION.password# <Br>
#SESSION.firstname# <Br>
#SESSION.lastname# <Br>
#SESSION.LOGGEDIN# <Br><Br>





</CFOUTPUT>




<CFOUTPUT>#URLToken#
<P><A HREF="page1.cfm">Page1</A></P>
<P><A HREF="page2.cfm">Page2</A></P>
<P><A HREF="page3.cfm">Page3</A></P>
</CFOUTPUT>

<P><P>
<P ALIGN="CENTER"><CFOUTPUT>Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.</CFOUTPUT>
</P></P></P>

</body>
</html>


0
 
LVL 14

Expert Comment

by:SBennett
ID: 6394116

change GLOBAL.CFM to this:

-----------------------------------------------------------

<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">

<CFIF IsDefined("bLogin")>

<!--- From action_login.cfm --->
<CFQUERY NAME="CHECK" DATASOURCE="#Userdsn#">
select * from userinfo
where USERNAME = '#form.username#'
AND
PASSWORD = '#form.password#'
</CFQUERY>

<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET SESSION.username = "#CHECK.username#">
<CFSET SESSION.password = "#CHECK.password#">
<CFSET SESSION.firstname = "#CHECK.firstname#">
<CFSET SESSION.lastname = "#CHECK.lastname#">
<CFSET SESSION.LOGGEDIN = "YES">
<CFELSE>

<!--- New, ensures that if they try to log in a second time with bad credentials they are rejected --->
<CFSET #SESSION.LOGGEDIN# = "NO">

<CFIF CHECK.RECORDCOUNT EQ 0>
<P ALIGN="center">Wrong Username or Password!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
<CFABORT>
</CFIF>

</CFIF>
</CFIF>

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">

<!---If user is not logged in, they are sent back to login screen--->
<CFELSEIF SESSION.LOGGEDIN = "NO">
     <cfif ListLast(cgi.SCRIPT_NAME ,"/") eq "Login.cfm">
          <P ALIGN="center">Please log in</P>
     <cfelse>
          <P ALIGN="center">You Are Not Logged In, Or Your Session Expired!</P>
     </cfif>
     <CFINCLUDE TEMPLATE = "login.cfm">
     <CFABORT>
<CFELSE>
     <CFINCLUDE TEMPLATE = "login.cfm">
     <CFABORT>
</CFIF>

---------------------------------------------------------

I used the cgi.SCRIPT_NAME variable to determine the template the user is accessing is Login.cfm. if it is I display the message "Please log in", If it is not I display the original message you had before.

-Scott
0
 
LVL 14

Accepted Solution

by:
SBennett earned 150 total points
ID: 6394146
by the way the code I last posted assumes your users go to the url http://www.parksrun.com/logintest/login.cfm

If you are planning on sending users to a default template so they only have enter a url like "http://www.parksrun.com"  and you want it to go to the login screen you will have to use a different condition than:

    <cfif ListLast(cgi.SCRIPT_NAME ,"/") eq "Login.cfm">
         <P ALIGN="center">Please log in</P>
    <cfelse>
         <P ALIGN="center">You Are Not Logged In, Or Your Session Expired!</P>
    </cfif>
   

Let me know if that is the case and I can recommend some other methods.

-Scott
0
 

Author Comment

by:gpim
ID: 6413353
Sorry for the delay, I finally got it to work.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now