Solved

How to prevent user go back to the login page

Posted on 2003-11-14
8
221 Views
Last Modified: 2013-12-24
Hi, if I use Coldfuion to design a interface to ask the user to login, after the user login, how to prevent the user to go back to the login page and try again?

Thanks
0
Comment
Question by:xiaobing
8 Comments
 
LVL 2

Accepted Solution

by:
jonnygo55 earned 125 total points
Comment Utility
on your login page...put the something like the following...

<cfif session.userloggedIn eq true>
     <cflocation url="login.cfm">
</cfif>

whatever you use to track whether the user is logged in you check on the login page...and redirect them accordingly...
0
 

Expert Comment

by:slatif
Comment Utility
Yes either define a session variable on server to see if that specific user is already signed in or use database table to store entries for users already logged in.
0
 
LVL 14

Expert Comment

by:Renante Entera
Comment Utility
Yah! jonnygo55 is right.

Be sure that you have created a .cfm file "application.cfm".

Then the content of "application.cfm" must have this following :

<cfapplication name="anyname" sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#>

Then on every top line of each .cfm file, have this code :

<cfif not IsDefined('session.userloggedIn')>
  <cflocation url="login.cfm">
</cfif>

This will check if a user logs in.  When user attempts to go a specified address, he will be redirected to the login page once he has not yet logged in successfully.

Goodluck!
eNTRANCE2002 :-)
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 17

Expert Comment

by:anandkp
Comment Utility
Hi,

I dont see a reason to avoid the user going back to the login page ... it shldnt bother u ...
if hes already logged in & wants to login with another name - let him do it ... i dont think that shld cause a problem for ur site.

as long as hes a member & hes logging in ... u shld be happy !

K'Rgds
Anand

PS : Entrance - why does he have to code it on top of each line ... cant he include a common file on everypage
also the settings of CFApplication tag can also be managed from CFADMIN ... right ???

My choice wld be to use cookies & not sessions ... but it depends - what u wanna use :)
0
 
LVL 10

Expert Comment

by:Mause
Comment Utility
eNTRANCE2002 is right

you can also put

<cfif not IsDefined('session.userloggedIn')>
  <cflocation url="login.cfm">
</cfif>

in application.cfm but then you need something extra because you don't want to redirected the user if he is on the login.cfm page. so it will ben something like this:

<cfif not IsDefined('session.userloggedIn') AND listlast(cgi.SCRIPT_NAME, '/') is not 'login.cfm'>
  <cflocation url="login.cfm">
</cfif>


Mause
And now you don't have to put anything on top of every .cfm page
0
 
LVL 35

Expert Comment

by:mrichmon
Comment Utility
It is a good thing to put in the Application.cfm file.  (be sure that your Application.cfm file starts with a capital A)

And not only that but you can extend it further to force login for certain directories or certain sites...  Like this :

<cfif FindNoCase("Secure", CGI.SCRIPT_NAME) NEQ 0><!--- Customer is in the secure directory so must log in --->
      <cfif NOT IsDefined("Session.CustomerIsLoggedIn")>
            <cfinclude template="Secure/CustomerLogin.cfm">
            <cfabort>
      </cfif>
</cfif>

That way the user is always forced to the login page/request access page if they are not logged in.  Then you can forward them to wherever they were going by this :

<!--- User is logged in so send them to page they came from --->
<cfif CGI.QUERY_STRING NEQ ""><!--- Preserve URL variables if they existed --->
      <cflocation addtoken="no" url="#CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#">
<cfelse><!--- No URL variables so send to clean URL --->
      <cflocation addtoken="no" url="#CGI.SCRIPT_NAME#">
</cfif>

That way the URL always shows where the person was trying to get to instead of showing the login page in the URL.  Also it preserves and URL variables that the user had when they were forced to login.

0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

A web service (http://en.wikipedia.org/wiki/Web_service) is a software related technology that facilitates machine-to-machine interaction over a network. This article helps beginners in creating and consuming a web service using the ColdFusion Ma…
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now