Why Log In Twice? - <CFApplication> Session ect.

I am using the user authentication found at:
http://tutorial8.easycfm.com/

It seems very helpful. I am wondering why on my page, i type in the correct user and password, it tells me i need to log in, so i type it in again and it works.

I have tried this several times now. I must log in twice. Any suggestions?

<!--- Application.cfm --->

<!--- Create the application --->
<CFAPPLICATION name="verifyLogin" clientmanagement="Yes"
                    sessionmanagement="Yes"
                    sessiontimeout="#CreateTimeSpan(0,0,15,0)#"
                    applicationtimeout="#CreateTimeSpan(0,2,0,0)#">
<!--- Now define that this user is logged out by default --->
<CFPARAM NAME="session.allowin" DEFAULT="false">
<!--- Now if the variable "session.allowin" does not equal true, send user to the login page --->
<!---
        the other thing you must check for is if the page calling this application.cfm is the "login.cfm" page
        and the "Login_process.cfm" page since the Application.cfm is always called, if this is not checked
        the application will simply Loop over and over. To check that, you do the following call

--->
<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>
<!--- Look for log-out function --->
<CFIF isDefined('url.logout')>
  <CFSET session.allowin = 'false'>
</CFIF>
<!--- routine to clear session when browser closes --->
<CFIF IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
  <CFSET Variables.cfid_local = Cookie.CFID>
  <CFSET Variables.cftoken_local = Cookie.CFTOKEN>
  <CFCOOKIE name="CFID" value="#Variables.cfid_local#">
  <CFCOOKIE name="CFTOKEN" value="#Variables.cftoken_local#">
</CFIF>


<!--- Authenticate.cfm --->
<CFSET location="cp.cfm">
<CFINCLUDE TEMPLATE="adminheader.cfm">
  <!--- Get all records from the database that match this users credentials --->
  <CFQUERY name="verify" datasource="investment">
  SELECT username, password
  FROM admin
  WHERE username = '#username#'
  AND
  password = '#password#'
  </CFQUERY>
  <CFIF verify.RecordCount>
    <!--- This user has logged in correctly, change the value of the session.allowin value --->
    <CFSET session.allowin = "True">
    <!--- Now welcome user and redirect to "members_only.cfm" --->
    <SCRIPT>
         self.location="<CFOUTPUT>#location#</cfoutput>";
    </SCRIPT>
    <CFELSE>
    <!--- this user did not log in correctly, alert and redirect to the login page --->
    <SCRIPT>
        alert("Your credentials could not be verified, please try again!!!");
        self.location="Javascript:history.go(-1)";
    </SCRIPT>
  </CFIF>
  <CFINCLUDE TEMPLATE="adminfooter.cfm">

My login page is nothing but a simple form. I am wondering if this is the reason.

It seems like this application protects everything in the directory which contains the application.cfm file, and being my authentication.cfm page displays my header (which is in the application.cfm directory) before the processing, this is what is making the error. I removed my header and footer from authentication.cfm and tried that, it did not work either. I would like to know what is the problem. Thanks.
zakirdavisAsked:
Who is Participating?
 
Renante EnteraSenior PHP DeveloperCommented:
Try removing your line :

   self.location="login.cfm"

On this line :

<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>

Goodluck!
eNTRANCE2002 :-)
0
 
anandkpCommented:
Hi ... i guess ur code looks fine - thou a bit confusing where u are checking for the session value & redirecting the user to login.cfm

I was just thinking that the place from where ur accessing the server - may be having checks on session & avoiding it. [sessions may be blocked on ur server]

chk the setting in CFADMIN - & make sure the session timeout is set to 15 min [as required] ... as if the CFAdmin has a setting set to 0 ... it overrides teh setting in ur Application.cfm file.

chk the above & confirm !

PS : in ur code - ur setting the value of <CFSET session.allowin = "True"> in authenticate.cfm
dont u think when u execute ur code - before authenticate.cfm being called - application.cfm will execute & take u back to login page.
according to me - the code for authenticating the user & taking him inside or back to login.cfm shld be on application.cfm file itself ... just a thought !

K'Rgds
Anand
0
 
zakirdavisAuthor Commented:
Sorry. Today is 12.03.03 @ 10.56EST

I will check out the feedback when i get home around 18:00HR
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

 
zakirdavisAuthor Commented:
Please excuse me.

The page where in my original posti stated login_process.cfm, the page is actually called

authenticate.cfm


0
 
zakirdavisAuthor Commented:
I found the problem.

In application.cfm

<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>


3rd line in the block "EQ "login.cfm">" that page does not even exist. The name of the page should be authenticate.cfm. I minor error in my page in renaming the files and ect. I appreciate the help.
0
 
anandkpCommented:
OOPS !

that wld have real tough for us to figure out :)

gr8 going !

Cheers
Anand

0
 
Renante EnteraSenior PHP DeveloperCommented:
Good !

I am happy that you have resolved your problem.

I don't even what really causes the problem.

Regards!
eNTRANCE2002 :-)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.