Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Why Log In Twice? - <CFApplication> Session ect.

Posted on 2003-12-03
7
Medium Priority
?
521 Views
Last Modified: 2013-12-24
I am using the user authentication found at:
http://tutorial8.easycfm.com/

It seems very helpful. I am wondering why on my page, i type in the correct user and password, it tells me i need to log in, so i type it in again and it works.

I have tried this several times now. I must log in twice. Any suggestions?

<!--- Application.cfm --->

<!--- Create the application --->
<CFAPPLICATION name="verifyLogin" clientmanagement="Yes"
                    sessionmanagement="Yes"
                    sessiontimeout="#CreateTimeSpan(0,0,15,0)#"
                    applicationtimeout="#CreateTimeSpan(0,2,0,0)#">
<!--- Now define that this user is logged out by default --->
<CFPARAM NAME="session.allowin" DEFAULT="false">
<!--- Now if the variable "session.allowin" does not equal true, send user to the login page --->
<!---
        the other thing you must check for is if the page calling this application.cfm is the "login.cfm" page
        and the "Login_process.cfm" page since the Application.cfm is always called, if this is not checked
        the application will simply Loop over and over. To check that, you do the following call

--->
<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>
<!--- Look for log-out function --->
<CFIF isDefined('url.logout')>
  <CFSET session.allowin = 'false'>
</CFIF>
<!--- routine to clear session when browser closes --->
<CFIF IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
  <CFSET Variables.cfid_local = Cookie.CFID>
  <CFSET Variables.cftoken_local = Cookie.CFTOKEN>
  <CFCOOKIE name="CFID" value="#Variables.cfid_local#">
  <CFCOOKIE name="CFTOKEN" value="#Variables.cftoken_local#">
</CFIF>


<!--- Authenticate.cfm --->
<CFSET location="cp.cfm">
<CFINCLUDE TEMPLATE="adminheader.cfm">
  <!--- Get all records from the database that match this users credentials --->
  <CFQUERY name="verify" datasource="investment">
  SELECT username, password
  FROM admin
  WHERE username = '#username#'
  AND
  password = '#password#'
  </CFQUERY>
  <CFIF verify.RecordCount>
    <!--- This user has logged in correctly, change the value of the session.allowin value --->
    <CFSET session.allowin = "True">
    <!--- Now welcome user and redirect to "members_only.cfm" --->
    <SCRIPT>
         self.location="<CFOUTPUT>#location#</cfoutput>";
    </SCRIPT>
    <CFELSE>
    <!--- this user did not log in correctly, alert and redirect to the login page --->
    <SCRIPT>
        alert("Your credentials could not be verified, please try again!!!");
        self.location="Javascript:history.go(-1)";
    </SCRIPT>
  </CFIF>
  <CFINCLUDE TEMPLATE="adminfooter.cfm">

My login page is nothing but a simple form. I am wondering if this is the reason.

It seems like this application protects everything in the directory which contains the application.cfm file, and being my authentication.cfm page displays my header (which is in the application.cfm directory) before the processing, this is what is making the error. I removed my header and footer from authentication.cfm and tried that, it did not work either. I would like to know what is the problem. Thanks.
0
Comment
Question by:zakirdavis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 14

Accepted Solution

by:
Renante Entera earned 1100 total points
ID: 9865109
Try removing your line :

   self.location="login.cfm"

On this line :

<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>

Goodluck!
eNTRANCE2002 :-)
0
 
LVL 17

Assisted Solution

by:anandkp
anandkp earned 900 total points
ID: 9865219
Hi ... i guess ur code looks fine - thou a bit confusing where u are checking for the session value & redirecting the user to login.cfm

I was just thinking that the place from where ur accessing the server - may be having checks on session & avoiding it. [sessions may be blocked on ur server]

chk the setting in CFADMIN - & make sure the session timeout is set to 15 min [as required] ... as if the CFAdmin has a setting set to 0 ... it overrides teh setting in ur Application.cfm file.

chk the above & confirm !

PS : in ur code - ur setting the value of <CFSET session.allowin = "True"> in authenticate.cfm
dont u think when u execute ur code - before authenticate.cfm being called - application.cfm will execute & take u back to login page.
according to me - the code for authenticating the user & taking him inside or back to login.cfm shld be on application.cfm file itself ... just a thought !

K'Rgds
Anand
0
 

Author Comment

by:zakirdavis
ID: 9867440
Sorry. Today is 12.03.03 @ 10.56EST

I will check out the feedback when i get home around 18:00HR
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 

Author Comment

by:zakirdavis
ID: 9869234
Please excuse me.

The page where in my original posti stated login_process.cfm, the page is actually called

authenticate.cfm


0
 

Author Comment

by:zakirdavis
ID: 9871841
I found the problem.

In application.cfm

<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>


3rd line in the block "EQ "login.cfm">" that page does not even exist. The name of the page should be authenticate.cfm. I minor error in my page in renaming the files and ect. I appreciate the help.
0
 
LVL 17

Expert Comment

by:anandkp
ID: 9872264
OOPS !

that wld have real tough for us to figure out :)

gr8 going !

Cheers
Anand

0
 
LVL 14

Expert Comment

by:Renante Entera
ID: 9872300
Good !

I am happy that you have resolved your problem.

I don't even what really causes the problem.

Regards!
eNTRANCE2002 :-)
0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question