Log-in and stay logged in!

Hi guys,

I'm a student at university in England, and I'm working on my final year project, an online store in coldfusion.

This is probably gonna sound like a simple problem, but here goes...

I want to be able to allow the user to log in, and stay logged in (maybe with the username displayed at the top, ie. Logged in as ....).

What is the best way to do this? Obviously I don't want to send the user_ID as a URL variable, as that would be unsafe. Is a session cookie the way to go?

How do I store the user_id in a session cookie? Can I just use CFLOGIN and how?

Thanks for your time!

Chris Pont
 
anandkp Commented:
Hi Chris,

U r right - the cookie/session is the best way to go ...

it's very simple & easy to implement as well

follow the steps below & I am sure it shld see u thru [hopefully ... :)]

Since it's an online store, I am sure u already have a DB table for the users & are storing the user details there ...

when the user logs in, validate the user & after validating create a cookie as:

<!--- the username is bound as a query parameter so it cannot alter the SQL statement --->
<CFQUERY NAME="Get_userdetails" DATASOURCE="#DSN#" DBTYPE="ODBC" USERNAME="#CARO_USERNAME#" PASSWORD="#CARO_PASSWORD#">
     SELECT username, userid FROM Users
     WHERE  username = <CFQUERYPARAM VALUE="#username#" CFSQLTYPE="CF_SQL_VARCHAR">
</CFQUERY>

<CFCOOKIE NAME="CK_USER" VALUE="#Get_userdetails.USERNAME#~#Get_userdetails.USERID#">
<!--- u can use the "expires" property in case u want the cookie to reside on a user machine for "x" days ! --->
<!--- in this case - I haven't given the expires property - so it will be a browser-based cookie - alive till the browser remains open --->


<!--- ========================================================================================================== --->

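<!--- now once the user is logged in - read the cookie on any page as : --->
<!--- the cookie value comes from the browser, so it is HTML-encoded before output --->
<CFOUTPUT>
    <CFIF ISDEFINED('COOKIE.CK_USER')>
        hello #HTMLEDITFORMAT(LISTGETAT(COOKIE.CK_USER,1,"~"))#
    <CFELSE>
        hello Guest
    </CFIF>
</CFOUTPUT>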

try this & let me know

if u wanna use sessions u cld also use that [let me know in case u want an eg of that as well] ... but i prefer cookie over sessions ...

K'Rgds
Anand
0
 
HamdyHassan Commented:

(1) Add the following to <cfapplication
               clientmanagement="Yes"
               sessionmanagement="Yes"
               setclientcookies="Yes"
               clientstorage="REGISTRY"

(2) After verifying user/pw at login.cfm,
    do the following
    <CFSET CLIENT.USER_ID = "#FORM.USER_ID#">

(3) At any page
    <CFIF ISDEFINED("CLIENT.USER_ID")>
        <CFOUTPUT>Logged in as #HTMLEDITFORMAT(CLIENT.USER_ID)#</CFOUTPUT>
    </CFIF>
0
 
chrispont (Author) Commented:
Thanks for the code guys!
Just a quick few questions though.

anandkp, if I place the code
<CFQUERY NAME="Get_userdetails" DATASOURCE="#DSN#" DBTYPE="ODBC" USERNAME="#FORM.USER_ID#" PASSWORD="#FORM.PASSWORD#">
    SELECT      username,userid from Users
    where  username = '#username#'
</CFQUERY>

If I used a form method=Get on the previous page, would this mean that the username and password are not transmitted in a way that can be easily accessible?

Also..

Where would I put the <cfapplication
              clientmanagement="Yes"
              sessionmanagement="Yes"
              setclientcookies="Yes"
           clientstorage="REGISTRY"

code?

Thanks a lot for your help! This will really get me on my way to a good project!
0
 
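chrispont (Author) Commented:
Sorry, got that wrong, what I meant for that code was...

<!--- the form value is bound as a query parameter so it cannot alter the SQL statement --->
<CFQUERY NAME="Get_userdetails" DATASOURCE="#DSN#">
   SELECT username, userid FROM Users
   WHERE  username = <CFQUERYPARAM VALUE="#Form.username#" CFSQLTYPE="CF_SQL_VARCHAR">
</CFQUERY>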

Thanks!
0
 
anandkp Commented:
hi,

ur query in the above comment is right !
<!--- the form value is bound as a query parameter so it cannot alter the SQL statement --->
<CFQUERY NAME="Get_userdetails" DATASOURCE="#DSN#">
  SELECT username, userid FROM Users
  WHERE  username = <CFQUERYPARAM VALUE="#Form.username#" CFSQLTYPE="CF_SQL_VARCHAR">
</CFQUERY>

also abt the CFApplication tag - it's supposed to be in ur Application.cfm file

u cld do those settings via the application tag - OR have them done in ur CFAdmin

K'Rgds
Anand
0
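
An added example, not part of any post in this thread: the same login flow with the user's identity held in the server-side SESSION scope, so the browser carries only an opaque session ID and cannot pick its own `userid` the way it can by editing a `username~userid` cookie. The form is submitted with `method="post"`, which keeps the credentials out of the URL, browser history and access logs. Assumptions: ColdFusion 11 or later, a placeholder application name, hypothetical `password_hash` / `password_salt` columns in `Users`, and hypothetical page names; the three files are shown in one block.

```cfml
<!--- Added example. Assumptions: ColdFusion 11+, placeholder application name "store",
      hypothetical Users columns password_hash / password_salt, hypothetical page names. --->

<!--- Application.cfm: identity is kept in the server-side SESSION scope. --->
<cfapplication name="store" sessionmanagement="Yes" setclientcookies="Yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">

<!--- login_action.cfm: target of <form method="post">, so credentials stay out of URLs. --->
<cfparam name="FORM.username" default="">
<cfparam name="FORM.password" default="">

<cfquery name="Get_userdetails" datasource="#DSN#">
    SELECT username, userid, password_hash, password_salt
    FROM   Users
    WHERE  username = <cfqueryparam value="#FORM.username#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>

<cfset loginOk = false>
<cfif Get_userdetails.RecordCount EQ 1>
    <!--- Re-derive the stored key from the submitted password (iteration count is an example value). --->
    <cfset derived = GeneratePBKDF2Key("PBKDF2WithHmacSHA1", FORM.password,
                                       Get_userdetails.password_salt, 100000, 256)>
    <cfset loginOk = (Compare(derived, Get_userdetails.password_hash) EQ 0)>
</cfif>

<cfif loginOk>
    <!--- Issue a new session ID at login so a pre-login ID cannot be reused (session fixation). --->
    <cfset SessionRotate()>
    <cfset SESSION.user_id  = Get_userdetails.userid>
    <cfset SESSION.username = Get_userdetails.username>
    <cflocation url="index.cfm" addtoken="No">
<cfelse>
    <cflocation url="login.cfm?failed=1" addtoken="No">
</cfif>

<!--- header.cfm: included on every page; trusts only the SESSION scope, never a cookie value. --->
<cfoutput>
    <cfif StructKeyExists(SESSION, "user_id")>
        Logged in as #HTMLEditFormat(SESSION.username)#
    <cfelse>
        Hello Guest
    </cfif>
</cfoutput>
```

Pages that change an order or show account data should test `SESSION.user_id` the same way before doing any work.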
