Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Application.cfm and Using Sessions

Posted on 2001-08-15
12
Medium Priority
?
190 Views
Last Modified: 2013-12-24
I hope someone who has gone through this may be able to bail me out. I spent the better part of the day trying to work out this simple application. I'm working basically on a login application that uses sessions. It will hold on to the users info as they access other applications (from a menu inside) and time out after a set period of time of no activity in which they will be thrown back to the login page with a 'Your session has ended' message.

Now my intention with this application is to have the GLOBAL.CFM file run before every page that comes up to check if the user is logged in, and if they are not logged in to send them back to the login page stating You Are No Longer Logged In, Or Your Session Expired!

Once a user has successfully logged in, I don't have anything specific setup on the internal pages to check the status if a user is logged in or not, I'm assuming it can all be done with the global.cfm file. AM I CORRECT?

Below I have enclosed my APPLICATION.CFM, GLOBAL.CFM, LOGIN.CFM, and ACTION_LOGIN.CFM templates for your review.

Also, if you would like to see what the application is currently doing to me, I have it set up for testing at: http://www.parksrun.com/logintest/login.cfm just use "admin" as a username and password.

See what its doing? Can't differentiate between being logged in or not, my guess is my GLOBAL.CFM is scripted incorrectly.



[THIS IS MY APPLICATION.CFM FILE]

<!--- Set this thing up so it knows its app name and management state. --->


<CFAPPLICATION NAME="LOGINTHING"
CLIENTMANAGEMENT="Yes"
SESSIONMANAGEMENT="Yes"
SETCLIENTCOOKIES="Yes"
SESSIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#"
APPLICATIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#">



<!-- Set application constants. -->

<CFSET UserDSN="AutoLogger">


<!-- This template is run before every page to make sure user is logged in. -->

<CFINCLUDE TEMPLATE="global.cfm">








[THIS IS MY GLOBAL.CFM FILE]



<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">



<!---If user is not logged in, they are sent back to login screen--->
<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>
<CFINCLUDE TEMPLATE = "login.cfm">

</CFIF>




[THIS IS MY LOGIN.CFM FILE]

<CFPARAM NAME="SESSION.username" DEFAULT="">
<CFPARAM NAME="SESSION.password" DEFAULT="">
<CFPARAM NAME="SESSION.firstname" DEFAULT="">
<CFPARAM NAME="SESSION.lastname" DEFAULT="">
<CFPARAM NAME="SESSION.loggedin" DEFAULT="NO">


<html>
<head>
<title>LOGIN PAGE</title>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
</head>
<body>
<CFOUTPUT>
<FORM ACTION="action_login.cfm" method="post">
<TABLE WIDTH="400" BORDER="0" CELLSPACING="2" CELLPADDING="2" ALIGN="CENTER">
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Username:</TD>
<TD WIDTH="286">
<INPUT TYPE="text" NAME="USERNAME" VALUE="#SESSION.username#">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Password:</TD>
<TD WIDTH="286">
<INPUT TYPE="password" NAME="PASSWORD">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">&nbsp;</TD>
<TD WIDTH="286">
<INPUT TYPE="submit" NAME="LoginSubmit" VALUE="Login">
</TD>
</TR>
</TABLE>

<CFIF SESSION.firstname is not "">
<P ALIGN="CENTER">Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.</P>
</CFIF>

</FORM>
</CFOUTPUT>
</body>
</html>








[THIS IS MY ACTION_LOGIN.CFM FILE]



<CFIF IsDefined("form.username")>
<CFQUERY NAME="CHECK" DATASOURCE="XXXXX">
select *
from userinfo
where USERNAME = '#form.username#'
AND
PASSWORD = '#form.password#'
</CFQUERY>



<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET #SESSION.username# = #CHECK.username#>
<CFSET #SESSION.password# = #CHECK.password#>
<CFSET #SESSION.firstname# = #CHECK.firstname#>
<CFSET #SESSION.lastname# = #CHECK.lastname#>
<CFSET #SESSION.LOGGEDIN# = "YES">
</CFIF>


<CFIF CHECK.RECORDCOUNT EQ 0>
<P ALIGN="center">Your Username or Password Were Not Found! Please Try Again.</P>
<CFINCLUDE TEMPLATE="login.cfm">
<CFABORT>
</CFIF>







<html>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
<head>
<title>Welcome!</title>
</head>
<body>

Your current settings are:
<UL>
<CFLOOP INDEX="var" LIST=#GetClientVariablesList()#>
<CFOUTPUT>
<LI>#var# = #Evaluate(var)#
</CFOUTPUT>
</CFLOOP>
</UL>



















<br>
<CFOUTPUT>
You have hit us #CLIENT.HitCount# times<br>
You last visited on #CLIENT.lastvisit#<br>
Your account was created on #CLIENT.Timecreated#<br>
</CFOUTPUT>
<br>




<P>Your Session Information:</P>

<br>
<CFOUTPUT>

#SESSION.username# <Br>
#SESSION.password# <Br>
#SESSION.firstname# <Br>
#SESSION.lastname# <Br>
#SESSION.LOGGEDIN# <Br><Br>





</CFOUTPUT>











<CFOUTPUT>#URLToken#

<P><A HREF="page1.cfm">Page1</A></P>
<P><A HREF="page2.cfm">Page2</A></P>
<P><A HREF="page3.cfm">Page3</A></P>

</CFOUTPUT>

<P><P><P ALIGN="CENTER"><CFOUTPUT>Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.</CFOUTPUT></P></P></P>

</body>
</html>

<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
</CFIF>
0
Comment
Question by:gpim
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 1

Expert Comment

by:_X_
ID: 6390680
In global.cfm, change:

<CFINCLUDE TEMPLATE = "login.cfm">

to:

<cfif ListLast(script_name,"/") Does not contain "login.cfm" and ListLast(script_name,"/") Does not contain "action_login.cfm">
<CFINCLUDE TEMPLATE = "login.cfm">
</cfif>

See if that helps
0
 

Author Comment

by:gpim
ID: 6390841
wow, that looks awefully complicated for a novice CF programmer such as myself.. But I'll give it a shot!!
0
 

Author Comment

by:gpim
ID: 6390862
Well, I'm still having a problem :-(

I put it in a different directory to test it out:

http://www.parksrun.com/logintest2/login.cfm

Run through it and see what its doing (username & password: admin)




The global.cfm file looks like so:




<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">



<!---If user is not logged in, they are sent back to login screen--->
<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>

<cfif ListLast(script_name,"/") Does not contain "login.cfm" and ListLast(script_name,"/") Does not
contain "action_login.cfm">
<CFINCLUDE TEMPLATE = "login.cfm">
</cfif>


</CFIF>

0
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

 
LVL 1

Expert Comment

by:_X_
ID: 6390936
ahh, okay.

Put this text:
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>

in the cfif as well. So it'll look like:

<cfif ListLast(script_name,"/") Does not contain "login.cfm" and ListLast(script_name,"/") Does not
contain "action_login.cfm">
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>
contain "action_login.cfm">
<CFINCLUDE TEMPLATE = "login.cfm">
</cfif>
0
 
LVL 14

Expert Comment

by:Scott Bennett
ID: 6391035
In ACTION_LOGIN.CFM,

change this:

<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET #SESSION.username# = #CHECK.username#>
<CFSET #SESSION.password# = #CHECK.password#>
<CFSET #SESSION.firstname# = #CHECK.firstname#>
<CFSET #SESSION.lastname# = #CHECK.lastname#>
<CFSET #SESSION.LOGGEDIN# = "YES">
</CFIF>


to this:


<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET SESSION.username = "#CHECK.username#">
<CFSET SESSION.password = "#CHECK.password#">
<CFSET SESSION.firstname = "#CHECK.firstname#">
<CFSET SESSION.lastname = "#CHECK.lastname#">
<CFSET SESSION.LOGGEDIN = "YES">
</CFIF>





The reason your variables aren't being set is because you are evaluating the session variable to the left of the operator "=" on the <cfset> tags.

-Scott
0
 
LVL 14

Expert Comment

by:Scott Bennett
ID: 6391061
Well I guess it really doesn't stop the variable from being set since I just tried it your way and it actuall does work. But it is no neccessary to put #'s around a variable in a cf tag unless it is within quotes.

-Scott
0
 
LVL 2

Expert Comment

by:sshhz
ID: 6391164

I agreed with Scott .... using cfset, you don't use #'s around a variable unless you want to dealing with custom tag, that you wish to return back the value by quoting #'s around in a variable it return the changes of value to you.

sshhz
0
 

Author Comment

by:gpim
ID: 6391282
I edited that line, and even did try it the way Scott mentioned but Im still getting the same issue.

Maybe something in a different page/template?

same thing:
http://www.parksrun.com/logintest2/login.cfm

Thanks for your help...
0
 

Author Comment

by:gpim
ID: 6393692
Guys, maybe you can help me finish this? I had another person try to help (on another message board) and it seems I'm closer then ever now to getting this to work:

Looks like this is ALMOST working perfectly now. I did have TO ADD TO the section in global.cfm FILE SO  ITthat checks to see if there is a match for the username and password and if there is not, it tells the user their username or password were not found.

The only other outstanding issue is when you first go to the login screen, it already is telling you:

"You Are Not Logged In, Or Your Session Expired!"

I have moved the files over to:
http://www.parksrun.com/logintest3/login.cfm

Go there and you'll see. I tried setting a variable, and then having it check to see if its the login screen, but I believe I did it incorrectly. Any suggestions on how to make the login screen, upon first display, not tell someone "You Are Not Logged In, Or Your Session Expired!".


Here is how the code is looking thus far, feel free to point out any suggestions:



[APPLICATION.CFM]

<!--- Set this thing up so it knows its app name and management state. --->


<CFAPPLICATION NAME="LOGINTHING"
CLIENTMANAGEMENT="Yes"
SESSIONMANAGEMENT="Yes"
SETCLIENTCOOKIES="Yes"
SESSIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#"
APPLICATIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#">



<!-- Set application constants. -->

<CFSET UserDSN="AutoLogger">


<!-- This template is run before every page to make sure user is logged in. -->

<CFINCLUDE TEMPLATE="global.cfm">














[LOGIN.CFM]

<CFPARAM NAME="SESSION.username" DEFAULT="">
<CFPARAM NAME="SESSION.password" DEFAULT="">
<CFPARAM NAME="SESSION.firstname" DEFAULT="">
<CFPARAM NAME="SESSION.lastname" DEFAULT="">
<CFPARAM NAME="SESSION.loggedin" DEFAULT="NO">







<html>
<head>
<title>LOGIN PAGE</title>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
</head>
<body>
<CFOUTPUT>
<FORM ACTION="action_login.cfm" method="post">
<TABLE WIDTH="400" BORDER="0" CELLSPACING="2" CELLPADDING="2" ALIGN="CENTER">
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Username:</TD>
<TD WIDTH="286">
<INPUT TYPE="text" NAME="USERNAME" VALUE="#SESSION.username#">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Password:</TD>
<TD WIDTH="286">
<INPUT TYPE="password" NAME="PASSWORD">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">&nbsp;</TD>
<TD WIDTH="286">
<INPUT TYPE="submit" NAME="bLogin" VALUE="Login">
</TD>
</TR>
</TABLE>

<CFIF SESSION.firstname is not "">
<P ALIGN="CENTER">
Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.
</P>
</CFIF>

</FORM>

</CFOUTPUT>
</body>
</html>




[GLOBAL.CFM]

<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">





<CFIF IsDefined("bLogin")>

<!--- From action_login.cfm --->
<CFQUERY NAME="CHECK" DATASOURCE="#Userdsn#">
select * from userinfo
where USERNAME = '#form.username#'
AND
PASSWORD = '#form.password#'
</CFQUERY>

<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET #SESSION.username# = #CHECK.username#>
<CFSET #SESSION.password# = #CHECK.password#>
<CFSET #SESSION.firstname# = #CHECK.firstname#>
<CFSET #SESSION.lastname# = #CHECK.lastname#>
<CFSET #SESSION.LOGGEDIN# = "YES">
<CFELSE>

<!--- New, ensures that if they try to log in a second time with bad credentials they are rejected --->
<CFSET #SESSION.LOGGEDIN# = "NO">



<CFIF CHECK.RECORDCOUNT EQ 0>
<P ALIGN="center">Wrong Username or Password!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
<CFABORT>
</CFIF>

</CFIF>
</CFIF>

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">

<!---If user is not logged in, they are sent back to login screen--->
<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are Not Logged In, Or Your Session Expired!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
<CFABORT>
</CFIF>




[ACTION_LOGIN.CFM]



<html>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
<head>
<title>Welcome!</title>
</head>
<body>


Your current settings are:
<UL>
<CFLOOP INDEX="var" LIST=#GetClientVariablesList()#>
<CFOUTPUT>
<LI>#var# = #Evaluate(var)#
</CFOUTPUT>
</CFLOOP>
</UL>






<br>
<CFOUTPUT>
You have hit us #CLIENT.HitCount# times<br>
You last visited on #CLIENT.lastvisit#<br>
Your account was created on #CLIENT.Timecreated#<br>
</CFOUTPUT>
<br>




<P>Your Session Information:</P>

<br>
<CFOUTPUT>

#SESSION.username# <Br>
#SESSION.password# <Br>
#SESSION.firstname# <Br>
#SESSION.lastname# <Br>
#SESSION.LOGGEDIN# <Br><Br>





</CFOUTPUT>




<CFOUTPUT>#URLToken#
<P><A HREF="page1.cfm">Page1</A></P>
<P><A HREF="page2.cfm">Page2</A></P>
<P><A HREF="page3.cfm">Page3</A></P>
</CFOUTPUT>

<P><P>
<P ALIGN="CENTER"><CFOUTPUT>Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.</CFOUTPUT>
</P></P></P>

</body>
</html>


0
 
LVL 14

Expert Comment

by:Scott Bennett
ID: 6394116

change GLOBAL.CFM to this:

-----------------------------------------------------------

<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">

<CFIF IsDefined("bLogin")>

<!--- From action_login.cfm --->
<CFQUERY NAME="CHECK" DATASOURCE="#Userdsn#">
select * from userinfo
where USERNAME = '#form.username#'
AND
PASSWORD = '#form.password#'
</CFQUERY>

<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET SESSION.username = "#CHECK.username#">
<CFSET SESSION.password = "#CHECK.password#">
<CFSET SESSION.firstname = "#CHECK.firstname#">
<CFSET SESSION.lastname = "#CHECK.lastname#">
<CFSET SESSION.LOGGEDIN = "YES">
<CFELSE>

<!--- New, ensures that if they try to log in a second time with bad credentials they are rejected --->
<CFSET #SESSION.LOGGEDIN# = "NO">

<CFIF CHECK.RECORDCOUNT EQ 0>
<P ALIGN="center">Wrong Username or Password!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
<CFABORT>
</CFIF>

</CFIF>
</CFIF>

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">

<!---If user is not logged in, they are sent back to login screen--->
<CFELSEIF SESSION.LOGGEDIN = "NO">
     <cfif ListLast(cgi.SCRIPT_NAME ,"/") eq "Login.cfm">
          <P ALIGN="center">Please log in</P>
     <cfelse>
          <P ALIGN="center">You Are Not Logged In, Or Your Session Expired!</P>
     </cfif>
     <CFINCLUDE TEMPLATE = "login.cfm">
     <CFABORT>
<CFELSE>
     <CFINCLUDE TEMPLATE = "login.cfm">
     <CFABORT>
</CFIF>

---------------------------------------------------------

I used the cgi.SCRIPT_NAME variable to determine the template the user is accessing is Login.cfm. if it is I display the message "Please log in", If it is not I display the original message you had before.

-Scott
0
 
LVL 14

Accepted Solution

by:
Scott Bennett earned 600 total points
ID: 6394146
by the way the code I last posted assumes your users go to the url http://www.parksrun.com/logintest/login.cfm 

If you are planning on sending users to a default template so they only have enter a url like "http://www.parksrun.com"  and you want it to go to the login screen you will have to use a different condition than:

    <cfif ListLast(cgi.SCRIPT_NAME ,"/") eq "Login.cfm">
         <P ALIGN="center">Please log in</P>
    <cfelse>
         <P ALIGN="center">You Are Not Logged In, Or Your Session Expired!</P>
    </cfif>
   

Let me know if that is the case and I can recommend some other methods.

-Scott
0
 

Author Comment

by:gpim
ID: 6413353
Sorry for the delay, I finally got it to work.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In our day to day coding, how many times have we come across a necessity to check whether a URL is a broken link or not? For those of you that answered countless and are using ColdFusion like myself, then this article is for you.  It will show yo…
Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question