Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 528
  • Last Modified:

Why Log In Twice? - <CFApplication> Session ect.

I am using the user authentication found at:
http://tutorial8.easycfm.com/

It seems very helpful. I am wondering why on my page, i type in the correct user and password, it tells me i need to log in, so i type it in again and it works.

I have tried this several times now. I must log in twice. Any suggestions?

<!--- Application.cfm --->

<!--- Create the application --->
<CFAPPLICATION name="verifyLogin" clientmanagement="Yes"
                    sessionmanagement="Yes"
                    sessiontimeout="#CreateTimeSpan(0,0,15,0)#"
                    applicationtimeout="#CreateTimeSpan(0,2,0,0)#">
<!--- Now define that this user is logged out by default --->
<CFPARAM NAME="session.allowin" DEFAULT="false">
<!--- Now if the variable "session.allowin" does not equal true, send user to the login page --->
<!---
        the other thing you must check for is if the page calling this application.cfm is the "login.cfm" page
        and the "Login_process.cfm" page since the Application.cfm is always called, if this is not checked
        the application will simply Loop over and over. To check that, you do the following call

--->
<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>
<!--- Look for log-out function --->
<CFIF isDefined('url.logout')>
  <CFSET session.allowin = 'false'>
</CFIF>
<!--- routine to clear session when browser closes --->
<CFIF IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
  <CFSET Variables.cfid_local = Cookie.CFID>
  <CFSET Variables.cftoken_local = Cookie.CFTOKEN>
  <CFCOOKIE name="CFID" value="#Variables.cfid_local#">
  <CFCOOKIE name="CFTOKEN" value="#Variables.cftoken_local#">
</CFIF>


<!--- Authenticate.cfm --->
<CFSET location="cp.cfm">
<CFINCLUDE TEMPLATE="adminheader.cfm">
  <!--- Get all records from the database that match this users credentials --->
  <CFQUERY name="verify" datasource="investment">
  SELECT username, password
  FROM admin
  WHERE username = '#username#'
  AND
  password = '#password#'
  </CFQUERY>
  <CFIF verify.RecordCount>
    <!--- This user has logged in correctly, change the value of the session.allowin value --->
    <CFSET session.allowin = "True">
    <!--- Now welcome user and redirect to "members_only.cfm" --->
    <SCRIPT>
         self.location="<CFOUTPUT>#location#</cfoutput>";
    </SCRIPT>
    <CFELSE>
    <!--- this user did not log in correctly, alert and redirect to the login page --->
    <SCRIPT>
        alert("Your credentials could not be verified, please try again!!!");
        self.location="Javascript:history.go(-1)";
    </SCRIPT>
  </CFIF>
  <CFINCLUDE TEMPLATE="adminfooter.cfm">

My login page is nothing but a simple form. I am wondering if this is the reason.

It seems like this application protects everything in the directory which contains the application.cfm file, and being my authentication.cfm page displays my header (which is in the application.cfm directory) before the processing, this is what is making the error. I removed my header and footer from authentication.cfm and tried that, it did not work either. I would like to know what is the problem. Thanks.
0
zakirdavis
Asked:
zakirdavis
  • 3
  • 2
  • 2
2 Solutions
 
Renante EnteraCommented:
Try removing your line :

   self.location="login.cfm"

On this line :

<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>

Goodluck!
eNTRANCE2002 :-)
0
 
anandkpCommented:
Hi ... i guess ur code looks fine - thou a bit confusing where u are checking for the session value & redirecting the user to login.cfm

I was just thinking that the place from where ur accessing the server - may be having checks on session & avoiding it. [sessions may be blocked on ur server]

chk the setting in CFADMIN - & make sure the session timeout is set to 15 min [as required] ... as if the CFAdmin has a setting set to 0 ... it overrides teh setting in ur Application.cfm file.

chk the above & confirm !

PS : in ur code - ur setting the value of <CFSET session.allowin = "True"> in authenticate.cfm
dont u think when u execute ur code - before authenticate.cfm being called - application.cfm will execute & take u back to login page.
according to me - the code for authenticating the user & taking him inside or back to login.cfm shld be on application.cfm file itself ... just a thought !

K'Rgds
Anand
0
 
zakirdavisAuthor Commented:
Sorry. Today is 12.03.03 @ 10.56EST

I will check out the feedback when i get home around 18:00HR
0
Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

 
zakirdavisAuthor Commented:
Please excuse me.

The page where in my original posti stated login_process.cfm, the page is actually called

authenticate.cfm


0
 
zakirdavisAuthor Commented:
I found the problem.

In application.cfm

<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>


3rd line in the block "EQ "login.cfm">" that page does not even exist. The name of the page should be authenticate.cfm. I minor error in my page in renaming the files and ect. I appreciate the help.
0
 
anandkpCommented:
OOPS !

that wld have real tough for us to figure out :)

gr8 going !

Cheers
Anand

0
 
Renante EnteraCommented:
Good !

I am happy that you have resolved your problem.

I don't even what really causes the problem.

Regards!
eNTRANCE2002 :-)
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now