Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Application.cfm and Using Sessions

Posted on 2001-08-15
12
177 Views
Last Modified: 2013-12-24
I hope someone who has gone through this may be able to bail me out. I spent the better part of the day trying to work out this simple application. I'm working basically on a login application that uses sessions. It will hold on to the users info as they access other applications (from a menu inside) and time out after a set period of time of no activity in which they will be thrown back to the login page with a 'Your session has ended' message.

Now my intention with this application is to have the GLOBAL.CFM file run before every page that comes up to check if the user is logged in, and if they are not logged in to send them back to the login page stating You Are No Longer Logged In, Or Your Session Expired!

Once a user has successfully logged in, I don't have anything specific setup on the internal pages to check the status if a user is logged in or not, I'm assuming it can all be done with the global.cfm file. AM I CORRECT?

Below I have enclosed my APPLICATION.CFM, GLOBAL.CFM, LOGIN.CFM, and ACTION_LOGIN.CFM templates for your review.

Also, if you would like to see what the application is currently doing to me, I have it set up for testing at: http://www.parksrun.com/logintest/login.cfm just use "admin" as a username and password.

See what its doing? Can't differentiate between being logged in or not, my guess is my GLOBAL.CFM is scripted incorrectly.



[THIS IS MY APPLICATION.CFM FILE]

<!--- Set this thing up so it knows its app name and management state. --->


<CFAPPLICATION NAME="LOGINTHING"
CLIENTMANAGEMENT="Yes"
SESSIONMANAGEMENT="Yes"
SETCLIENTCOOKIES="Yes"
SESSIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#"
APPLICATIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#">



<!-- Set application constants. -->

<CFSET UserDSN="AutoLogger">


<!-- This template is run before every page to make sure user is logged in. -->

<CFINCLUDE TEMPLATE="global.cfm">








[THIS IS MY GLOBAL.CFM FILE]



<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">



<!---If user is not logged in, they are sent back to login screen--->
<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>
<CFINCLUDE TEMPLATE = "login.cfm">

</CFIF>




[THIS IS MY LOGIN.CFM FILE]

<CFPARAM NAME="SESSION.username" DEFAULT="">
<CFPARAM NAME="SESSION.password" DEFAULT="">
<CFPARAM NAME="SESSION.firstname" DEFAULT="">
<CFPARAM NAME="SESSION.lastname" DEFAULT="">
<CFPARAM NAME="SESSION.loggedin" DEFAULT="NO">


<html>
<head>
<title>LOGIN PAGE</title>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
</head>
<body>
<CFOUTPUT>
<FORM ACTION="action_login.cfm" method="post">
<TABLE WIDTH="400" BORDER="0" CELLSPACING="2" CELLPADDING="2" ALIGN="CENTER">
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Username:</TD>
<TD WIDTH="286">
<INPUT TYPE="text" NAME="USERNAME" VALUE="#SESSION.username#">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Password:</TD>
<TD WIDTH="286">
<INPUT TYPE="password" NAME="PASSWORD">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">&nbsp;</TD>
<TD WIDTH="286">
<INPUT TYPE="submit" NAME="LoginSubmit" VALUE="Login">
</TD>
</TR>
</TABLE>

<CFIF SESSION.firstname is not "">
<P ALIGN="CENTER">Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.</P>
</CFIF>

</FORM>
</CFOUTPUT>
</body>
</html>








[THIS IS MY ACTION_LOGIN.CFM FILE]



<CFIF IsDefined("form.username")>
<CFQUERY NAME="CHECK" DATASOURCE="XXXXX">
select *
from userinfo
where USERNAME = '#form.username#'
AND
PASSWORD = '#form.password#'
</CFQUERY>



<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET #SESSION.username# = #CHECK.username#>
<CFSET #SESSION.password# = #CHECK.password#>
<CFSET #SESSION.firstname# = #CHECK.firstname#>
<CFSET #SESSION.lastname# = #CHECK.lastname#>
<CFSET #SESSION.LOGGEDIN# = "YES">
</CFIF>


<CFIF CHECK.RECORDCOUNT EQ 0>
<P ALIGN="center">Your Username or Password Were Not Found! Please Try Again.</P>
<CFINCLUDE TEMPLATE="login.cfm">
<CFABORT>
</CFIF>







<html>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
<head>
<title>Welcome!</title>
</head>
<body>

Your current settings are:
<UL>
<CFLOOP INDEX="var" LIST=#GetClientVariablesList()#>
<CFOUTPUT>
<LI>#var# = #Evaluate(var)#
</CFOUTPUT>
</CFLOOP>
</UL>



















<br>
<CFOUTPUT>
You have hit us #CLIENT.HitCount# times<br>
You last visited on #CLIENT.lastvisit#<br>
Your account was created on #CLIENT.Timecreated#<br>
</CFOUTPUT>
<br>




<P>Your Session Information:</P>

<br>
<CFOUTPUT>

#SESSION.username# <Br>
#SESSION.password# <Br>
#SESSION.firstname# <Br>
#SESSION.lastname# <Br>
#SESSION.LOGGEDIN# <Br><Br>





</CFOUTPUT>











<CFOUTPUT>#URLToken#

<P><A HREF="page1.cfm">Page1</A></P>
<P><A HREF="page2.cfm">Page2</A></P>
<P><A HREF="page3.cfm">Page3</A></P>

</CFOUTPUT>

<P><P><P ALIGN="CENTER"><CFOUTPUT>Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.</CFOUTPUT></P></P></P>

</body>
</html>

<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
</CFIF>
0
Comment
Question by:gpim
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 1

Expert Comment

by:_X_
ID: 6390680
In global.cfm, change:

<CFINCLUDE TEMPLATE = "login.cfm">

to:

<cfif ListLast(script_name,"/") Does not contain "login.cfm" and ListLast(script_name,"/") Does not contain "action_login.cfm">
<CFINCLUDE TEMPLATE = "login.cfm">
</cfif>

See if that helps
0
 

Author Comment

by:gpim
ID: 6390841
wow, that looks awefully complicated for a novice CF programmer such as myself.. But I'll give it a shot!!
0
 

Author Comment

by:gpim
ID: 6390862
Well, I'm still having a problem :-(

I put it in a different directory to test it out:

http://www.parksrun.com/logintest2/login.cfm

Run through it and see what its doing (username & password: admin)




The global.cfm file looks like so:




<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">



<!---If user is not logged in, they are sent back to login screen--->
<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>

<cfif ListLast(script_name,"/") Does not contain "login.cfm" and ListLast(script_name,"/") Does not
contain "action_login.cfm">
<CFINCLUDE TEMPLATE = "login.cfm">
</cfif>


</CFIF>

0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 1

Expert Comment

by:_X_
ID: 6390936
ahh, okay.

Put this text:
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>

in the cfif as well. So it'll look like:

<cfif ListLast(script_name,"/") Does not contain "login.cfm" and ListLast(script_name,"/") Does not
contain "action_login.cfm">
<P ALIGN="center">You Are No Longer Logged In, Or Your Session Expired!</P>
contain "action_login.cfm">
<CFINCLUDE TEMPLATE = "login.cfm">
</cfif>
0
 
LVL 14

Expert Comment

by:Scott Bennett
ID: 6391035
In ACTION_LOGIN.CFM,

change this:

<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET #SESSION.username# = #CHECK.username#>
<CFSET #SESSION.password# = #CHECK.password#>
<CFSET #SESSION.firstname# = #CHECK.firstname#>
<CFSET #SESSION.lastname# = #CHECK.lastname#>
<CFSET #SESSION.LOGGEDIN# = "YES">
</CFIF>


to this:


<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET SESSION.username = "#CHECK.username#">
<CFSET SESSION.password = "#CHECK.password#">
<CFSET SESSION.firstname = "#CHECK.firstname#">
<CFSET SESSION.lastname = "#CHECK.lastname#">
<CFSET SESSION.LOGGEDIN = "YES">
</CFIF>





The reason your variables aren't being set is because you are evaluating the session variable to the left of the operator "=" on the <cfset> tags.

-Scott
0
 
LVL 14

Expert Comment

by:Scott Bennett
ID: 6391061
Well I guess it really doesn't stop the variable from being set since I just tried it your way and it actuall does work. But it is no neccessary to put #'s around a variable in a cf tag unless it is within quotes.

-Scott
0
 
LVL 2

Expert Comment

by:sshhz
ID: 6391164

I agreed with Scott .... using cfset, you don't use #'s around a variable unless you want to dealing with custom tag, that you wish to return back the value by quoting #'s around in a variable it return the changes of value to you.

sshhz
0
 

Author Comment

by:gpim
ID: 6391282
I edited that line, and even did try it the way Scott mentioned but Im still getting the same issue.

Maybe something in a different page/template?

same thing:
http://www.parksrun.com/logintest2/login.cfm

Thanks for your help...
0
 

Author Comment

by:gpim
ID: 6393692
Guys, maybe you can help me finish this? I had another person try to help (on another message board) and it seems I'm closer then ever now to getting this to work:

Looks like this is ALMOST working perfectly now. I did have TO ADD TO the section in global.cfm FILE SO  ITthat checks to see if there is a match for the username and password and if there is not, it tells the user their username or password were not found.

The only other outstanding issue is when you first go to the login screen, it already is telling you:

"You Are Not Logged In, Or Your Session Expired!"

I have moved the files over to:
http://www.parksrun.com/logintest3/login.cfm

Go there and you'll see. I tried setting a variable, and then having it check to see if its the login screen, but I believe I did it incorrectly. Any suggestions on how to make the login screen, upon first display, not tell someone "You Are Not Logged In, Or Your Session Expired!".


Here is how the code is looking thus far, feel free to point out any suggestions:



[APPLICATION.CFM]

<!--- Set this thing up so it knows its app name and management state. --->


<CFAPPLICATION NAME="LOGINTHING"
CLIENTMANAGEMENT="Yes"
SESSIONMANAGEMENT="Yes"
SETCLIENTCOOKIES="Yes"
SESSIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#"
APPLICATIONTIMEOUT="#CreateTimeSpan(0,0,1,0)#">



<!-- Set application constants. -->

<CFSET UserDSN="AutoLogger">


<!-- This template is run before every page to make sure user is logged in. -->

<CFINCLUDE TEMPLATE="global.cfm">














[LOGIN.CFM]

<CFPARAM NAME="SESSION.username" DEFAULT="">
<CFPARAM NAME="SESSION.password" DEFAULT="">
<CFPARAM NAME="SESSION.firstname" DEFAULT="">
<CFPARAM NAME="SESSION.lastname" DEFAULT="">
<CFPARAM NAME="SESSION.loggedin" DEFAULT="NO">







<html>
<head>
<title>LOGIN PAGE</title>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
</head>
<body>
<CFOUTPUT>
<FORM ACTION="action_login.cfm" method="post">
<TABLE WIDTH="400" BORDER="0" CELLSPACING="2" CELLPADDING="2" ALIGN="CENTER">
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Username:</TD>
<TD WIDTH="286">
<INPUT TYPE="text" NAME="USERNAME" VALUE="#SESSION.username#">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">Password:</TD>
<TD WIDTH="286">
<INPUT TYPE="password" NAME="PASSWORD">
</TD>
</TR>
<TR>
<TD WIDTH="100" ALIGN="RIGHT" VALIGN="MIDDLE">&nbsp;</TD>
<TD WIDTH="286">
<INPUT TYPE="submit" NAME="bLogin" VALUE="Login">
</TD>
</TR>
</TABLE>

<CFIF SESSION.firstname is not "">
<P ALIGN="CENTER">
Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.
</P>
</CFIF>

</FORM>

</CFOUTPUT>
</body>
</html>




[GLOBAL.CFM]

<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">





<CFIF IsDefined("bLogin")>

<!--- From action_login.cfm --->
<CFQUERY NAME="CHECK" DATASOURCE="#Userdsn#">
select * from userinfo
where USERNAME = '#form.username#'
AND
PASSWORD = '#form.password#'
</CFQUERY>

<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET #SESSION.username# = #CHECK.username#>
<CFSET #SESSION.password# = #CHECK.password#>
<CFSET #SESSION.firstname# = #CHECK.firstname#>
<CFSET #SESSION.lastname# = #CHECK.lastname#>
<CFSET #SESSION.LOGGEDIN# = "YES">
<CFELSE>

<!--- New, ensures that if they try to log in a second time with bad credentials they are rejected --->
<CFSET #SESSION.LOGGEDIN# = "NO">



<CFIF CHECK.RECORDCOUNT EQ 0>
<P ALIGN="center">Wrong Username or Password!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
<CFABORT>
</CFIF>

</CFIF>
</CFIF>

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">

<!---If user is not logged in, they are sent back to login screen--->
<CFELSE>
<CFSET SESSION.LOGGEDIN = "NO" >
<P ALIGN="center">You Are Not Logged In, Or Your Session Expired!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
<CFABORT>
</CFIF>




[ACTION_LOGIN.CFM]



<html>
<LINK REL="stylesheet" HREF="styles.css" TYPE="TEXT/CSS">
<head>
<title>Welcome!</title>
</head>
<body>


Your current settings are:
<UL>
<CFLOOP INDEX="var" LIST=#GetClientVariablesList()#>
<CFOUTPUT>
<LI>#var# = #Evaluate(var)#
</CFOUTPUT>
</CFLOOP>
</UL>






<br>
<CFOUTPUT>
You have hit us #CLIENT.HitCount# times<br>
You last visited on #CLIENT.lastvisit#<br>
Your account was created on #CLIENT.Timecreated#<br>
</CFOUTPUT>
<br>




<P>Your Session Information:</P>

<br>
<CFOUTPUT>

#SESSION.username# <Br>
#SESSION.password# <Br>
#SESSION.firstname# <Br>
#SESSION.lastname# <Br>
#SESSION.LOGGEDIN# <Br><Br>





</CFOUTPUT>




<CFOUTPUT>#URLToken#
<P><A HREF="page1.cfm">Page1</A></P>
<P><A HREF="page2.cfm">Page2</A></P>
<P><A HREF="page3.cfm">Page3</A></P>
</CFOUTPUT>

<P><P>
<P ALIGN="CENTER"><CFOUTPUT>Not #SESSION.firstname#? Click <A HREF="deleted.cfm">Here</A>.</CFOUTPUT>
</P></P></P>

</body>
</html>


0
 
LVL 14

Expert Comment

by:Scott Bennett
ID: 6394116

change GLOBAL.CFM to this:

-----------------------------------------------------------

<!---Default Log in Status is NO--->
<CFPARAM NAME="SESSION.LOGGEDIN" DEFAULT="NO">

<CFIF IsDefined("bLogin")>

<!--- From action_login.cfm --->
<CFQUERY NAME="CHECK" DATASOURCE="#Userdsn#">
select * from userinfo
where USERNAME = '#form.username#'
AND
PASSWORD = '#form.password#'
</CFQUERY>

<CFIF CHECK.RECORDCOUNT EQ 1>
<CFSET SESSION.username = "#CHECK.username#">
<CFSET SESSION.password = "#CHECK.password#">
<CFSET SESSION.firstname = "#CHECK.firstname#">
<CFSET SESSION.lastname = "#CHECK.lastname#">
<CFSET SESSION.LOGGEDIN = "YES">
<CFELSE>

<!--- New, ensures that if they try to log in a second time with bad credentials they are rejected --->
<CFSET #SESSION.LOGGEDIN# = "NO">

<CFIF CHECK.RECORDCOUNT EQ 0>
<P ALIGN="center">Wrong Username or Password!</P>
<CFINCLUDE TEMPLATE = "login.cfm">
<CFABORT>
</CFIF>

</CFIF>
</CFIF>

<!---Check to see if user is logged in--->
<CFIF SESSION.LOGGEDIN is "YES">

<!---If user is not logged in, they are sent back to login screen--->
<CFELSEIF SESSION.LOGGEDIN = "NO">
     <cfif ListLast(cgi.SCRIPT_NAME ,"/") eq "Login.cfm">
          <P ALIGN="center">Please log in</P>
     <cfelse>
          <P ALIGN="center">You Are Not Logged In, Or Your Session Expired!</P>
     </cfif>
     <CFINCLUDE TEMPLATE = "login.cfm">
     <CFABORT>
<CFELSE>
     <CFINCLUDE TEMPLATE = "login.cfm">
     <CFABORT>
</CFIF>

---------------------------------------------------------

I used the cgi.SCRIPT_NAME variable to determine the template the user is accessing is Login.cfm. if it is I display the message "Please log in", If it is not I display the original message you had before.

-Scott
0
 
LVL 14

Accepted Solution

by:
Scott Bennett earned 150 total points
ID: 6394146
by the way the code I last posted assumes your users go to the url http://www.parksrun.com/logintest/login.cfm 

If you are planning on sending users to a default template so they only have enter a url like "http://www.parksrun.com"  and you want it to go to the login screen you will have to use a different condition than:

    <cfif ListLast(cgi.SCRIPT_NAME ,"/") eq "Login.cfm">
         <P ALIGN="center">Please log in</P>
    <cfelse>
         <P ALIGN="center">You Are Not Logged In, Or Your Session Expired!</P>
    </cfif>
   

Let me know if that is the case and I can recommend some other methods.

-Scott
0
 

Author Comment

by:gpim
ID: 6413353
Sorry for the delay, I finally got it to work.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question