Solved

How to prevent user go back to the login page

Posted on 2003-11-14
8
225 Views
Last Modified: 2013-12-24
Hi, if I use Coldfuion to design a interface to ask the user to login, after the user login, how to prevent the user to go back to the login page and try again?

Thanks
0
Comment
Question by:xiaobing
8 Comments
 
LVL 2

Accepted Solution

by:
jonnygo55 earned 125 total points
ID: 9750725
on your login page...put the something like the following...

<cfif session.userloggedIn eq true>
     <cflocation url="login.cfm">
</cfif>

whatever you use to track whether the user is logged in you check on the login page...and redirect them accordingly...
0
 

Expert Comment

by:slatif
ID: 9752102
Yes either define a session variable on server to see if that specific user is already signed in or use database table to store entries for users already logged in.
0
 
LVL 14

Expert Comment

by:Renante Entera
ID: 9752264
Yah! jonnygo55 is right.

Be sure that you have created a .cfm file "application.cfm".

Then the content of "application.cfm" must have this following :

<cfapplication name="anyname" sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#>

Then on every top line of each .cfm file, have this code :

<cfif not IsDefined('session.userloggedIn')>
  <cflocation url="login.cfm">
</cfif>

This will check if a user logs in.  When user attempts to go a specified address, he will be redirected to the login page once he has not yet logged in successfully.

Goodluck!
eNTRANCE2002 :-)
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 17

Expert Comment

by:anandkp
ID: 9752876
Hi,

I dont see a reason to avoid the user going back to the login page ... it shldnt bother u ...
if hes already logged in & wants to login with another name - let him do it ... i dont think that shld cause a problem for ur site.

as long as hes a member & hes logging in ... u shld be happy !

K'Rgds
Anand

PS : Entrance - why does he have to code it on top of each line ... cant he include a common file on everypage
also the settings of CFApplication tag can also be managed from CFADMIN ... right ???

My choice wld be to use cookies & not sessions ... but it depends - what u wanna use :)
0
 
LVL 10

Expert Comment

by:Mause
ID: 9762625
eNTRANCE2002 is right

you can also put

<cfif not IsDefined('session.userloggedIn')>
  <cflocation url="login.cfm">
</cfif>

in application.cfm but then you need something extra because you don't want to redirected the user if he is on the login.cfm page. so it will ben something like this:

<cfif not IsDefined('session.userloggedIn') AND listlast(cgi.SCRIPT_NAME, '/') is not 'login.cfm'>
  <cflocation url="login.cfm">
</cfif>


Mause
And now you don't have to put anything on top of every .cfm page
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 9781756
It is a good thing to put in the Application.cfm file.  (be sure that your Application.cfm file starts with a capital A)

And not only that but you can extend it further to force login for certain directories or certain sites...  Like this :

<cfif FindNoCase("Secure", CGI.SCRIPT_NAME) NEQ 0><!--- Customer is in the secure directory so must log in --->
      <cfif NOT IsDefined("Session.CustomerIsLoggedIn")>
            <cfinclude template="Secure/CustomerLogin.cfm">
            <cfabort>
      </cfif>
</cfif>

That way the user is always forced to the login page/request access page if they are not logged in.  Then you can forward them to wherever they were going by this :

<!--- User is logged in so send them to page they came from --->
<cfif CGI.QUERY_STRING NEQ ""><!--- Preserve URL variables if they existed --->
      <cflocation addtoken="no" url="#CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#">
<cfelse><!--- No URL variables so send to clean URL --->
      <cflocation addtoken="no" url="#CGI.SCRIPT_NAME#">
</cfif>

That way the URL always shows where the person was trying to get to instead of showing the login page in the URL.  Also it preserves and URL variables that the user had when they were forced to login.

0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question