Solved

How to prevent user go back to the login page

Posted on 2003-11-14
8
223 Views
Last Modified: 2013-12-24
Hi, if I use Coldfuion to design a interface to ask the user to login, after the user login, how to prevent the user to go back to the login page and try again?

Thanks
0
Comment
Question by:xiaobing
8 Comments
 
LVL 2

Accepted Solution

by:
jonnygo55 earned 125 total points
ID: 9750725
on your login page...put the something like the following...

<cfif session.userloggedIn eq true>
     <cflocation url="login.cfm">
</cfif>

whatever you use to track whether the user is logged in you check on the login page...and redirect them accordingly...
0
 

Expert Comment

by:slatif
ID: 9752102
Yes either define a session variable on server to see if that specific user is already signed in or use database table to store entries for users already logged in.
0
 
LVL 14

Expert Comment

by:Renante Entera
ID: 9752264
Yah! jonnygo55 is right.

Be sure that you have created a .cfm file "application.cfm".

Then the content of "application.cfm" must have this following :

<cfapplication name="anyname" sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#>

Then on every top line of each .cfm file, have this code :

<cfif not IsDefined('session.userloggedIn')>
  <cflocation url="login.cfm">
</cfif>

This will check if a user logs in.  When user attempts to go a specified address, he will be redirected to the login page once he has not yet logged in successfully.

Goodluck!
eNTRANCE2002 :-)
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 17

Expert Comment

by:anandkp
ID: 9752876
Hi,

I dont see a reason to avoid the user going back to the login page ... it shldnt bother u ...
if hes already logged in & wants to login with another name - let him do it ... i dont think that shld cause a problem for ur site.

as long as hes a member & hes logging in ... u shld be happy !

K'Rgds
Anand

PS : Entrance - why does he have to code it on top of each line ... cant he include a common file on everypage
also the settings of CFApplication tag can also be managed from CFADMIN ... right ???

My choice wld be to use cookies & not sessions ... but it depends - what u wanna use :)
0
 
LVL 10

Expert Comment

by:Mause
ID: 9762625
eNTRANCE2002 is right

you can also put

<cfif not IsDefined('session.userloggedIn')>
  <cflocation url="login.cfm">
</cfif>

in application.cfm but then you need something extra because you don't want to redirected the user if he is on the login.cfm page. so it will ben something like this:

<cfif not IsDefined('session.userloggedIn') AND listlast(cgi.SCRIPT_NAME, '/') is not 'login.cfm'>
  <cflocation url="login.cfm">
</cfif>


Mause
And now you don't have to put anything on top of every .cfm page
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 9781756
It is a good thing to put in the Application.cfm file.  (be sure that your Application.cfm file starts with a capital A)

And not only that but you can extend it further to force login for certain directories or certain sites...  Like this :

<cfif FindNoCase("Secure", CGI.SCRIPT_NAME) NEQ 0><!--- Customer is in the secure directory so must log in --->
      <cfif NOT IsDefined("Session.CustomerIsLoggedIn")>
            <cfinclude template="Secure/CustomerLogin.cfm">
            <cfabort>
      </cfif>
</cfif>

That way the user is always forced to the login page/request access page if they are not logged in.  Then you can forward them to wherever they were going by this :

<!--- User is logged in so send them to page they came from --->
<cfif CGI.QUERY_STRING NEQ ""><!--- Preserve URL variables if they existed --->
      <cflocation addtoken="no" url="#CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#">
<cfelse><!--- No URL variables so send to clean URL --->
      <cflocation addtoken="no" url="#CGI.SCRIPT_NAME#">
</cfif>

That way the URL always shows where the person was trying to get to instead of showing the login page in the URL.  Also it preserves and URL variables that the user had when they were forced to login.

0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question