Solved

Why Log In Twice? - <CFApplication> Session ect.

Posted on 2003-12-03
7
509 Views
Last Modified: 2013-12-24
I am using the user authentication found at:
http://tutorial8.easycfm.com/

It seems very helpful. I am wondering why on my page, i type in the correct user and password, it tells me i need to log in, so i type it in again and it works.

I have tried this several times now. I must log in twice. Any suggestions?

<!--- Application.cfm --->

<!--- Create the application --->
<CFAPPLICATION name="verifyLogin" clientmanagement="Yes"
                    sessionmanagement="Yes"
                    sessiontimeout="#CreateTimeSpan(0,0,15,0)#"
                    applicationtimeout="#CreateTimeSpan(0,2,0,0)#">
<!--- Now define that this user is logged out by default --->
<CFPARAM NAME="session.allowin" DEFAULT="false">
<!--- Now if the variable "session.allowin" does not equal true, send user to the login page --->
<!---
        the other thing you must check for is if the page calling this application.cfm is the "login.cfm" page
        and the "Login_process.cfm" page since the Application.cfm is always called, if this is not checked
        the application will simply Loop over and over. To check that, you do the following call

--->
<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>
<!--- Look for log-out function --->
<CFIF isDefined('url.logout')>
  <CFSET session.allowin = 'false'>
</CFIF>
<!--- routine to clear session when browser closes --->
<CFIF IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
  <CFSET Variables.cfid_local = Cookie.CFID>
  <CFSET Variables.cftoken_local = Cookie.CFTOKEN>
  <CFCOOKIE name="CFID" value="#Variables.cfid_local#">
  <CFCOOKIE name="CFTOKEN" value="#Variables.cftoken_local#">
</CFIF>


<!--- Authenticate.cfm --->
<CFSET location="cp.cfm">
<CFINCLUDE TEMPLATE="adminheader.cfm">
  <!--- Get all records from the database that match this users credentials --->
  <CFQUERY name="verify" datasource="investment">
  SELECT username, password
  FROM admin
  WHERE username = '#username#'
  AND
  password = '#password#'
  </CFQUERY>
  <CFIF verify.RecordCount>
    <!--- This user has logged in correctly, change the value of the session.allowin value --->
    <CFSET session.allowin = "True">
    <!--- Now welcome user and redirect to "members_only.cfm" --->
    <SCRIPT>
         self.location="<CFOUTPUT>#location#</cfoutput>";
    </SCRIPT>
    <CFELSE>
    <!--- this user did not log in correctly, alert and redirect to the login page --->
    <SCRIPT>
        alert("Your credentials could not be verified, please try again!!!");
        self.location="Javascript:history.go(-1)";
    </SCRIPT>
  </CFIF>
  <CFINCLUDE TEMPLATE="adminfooter.cfm">

My login page is nothing but a simple form. I am wondering if this is the reason.

It seems like this application protects everything in the directory which contains the application.cfm file, and being my authentication.cfm page displays my header (which is in the application.cfm directory) before the processing, this is what is making the error. I removed my header and footer from authentication.cfm and tried that, it did not work either. I would like to know what is the problem. Thanks.
0
Comment
Question by:zakirdavis
  • 3
  • 2
  • 2
7 Comments
 
LVL 14

Accepted Solution

by:
Renante Entera earned 275 total points
ID: 9865109
Try removing your line :

   self.location="login.cfm"

On this line :

<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>

Goodluck!
eNTRANCE2002 :-)
0
 
LVL 17

Assisted Solution

by:anandkp
anandkp earned 225 total points
ID: 9865219
Hi ... i guess ur code looks fine - thou a bit confusing where u are checking for the session value & redirecting the user to login.cfm

I was just thinking that the place from where ur accessing the server - may be having checks on session & avoiding it. [sessions may be blocked on ur server]

chk the setting in CFADMIN - & make sure the session timeout is set to 15 min [as required] ... as if the CFAdmin has a setting set to 0 ... it overrides teh setting in ur Application.cfm file.

chk the above & confirm !

PS : in ur code - ur setting the value of <CFSET session.allowin = "True"> in authenticate.cfm
dont u think when u execute ur code - before authenticate.cfm being called - application.cfm will execute & take u back to login page.
according to me - the code for authenticating the user & taking him inside or back to login.cfm shld be on application.cfm file itself ... just a thought !

K'Rgds
Anand
0
 

Author Comment

by:zakirdavis
ID: 9867440
Sorry. Today is 12.03.03 @ 10.56EST

I will check out the feedback when i get home around 18:00HR
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:zakirdavis
ID: 9869234
Please excuse me.

The page where in my original posti stated login_process.cfm, the page is actually called

authenticate.cfm


0
 

Author Comment

by:zakirdavis
ID: 9871841
I found the problem.

In application.cfm

<CFIF session.allowin neq "true">
  <CFIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <CFELSEIF ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <CFELSE>
    <!--- this user is not logged in, alert user and redirect to the login.cfm page --->
    <SCRIPT>
              alert("You must login to access this area!");
              self.location="login.cfm";
      </SCRIPT>
  </CFIF>
</CFIF>


3rd line in the block "EQ "login.cfm">" that page does not even exist. The name of the page should be authenticate.cfm. I minor error in my page in renaming the files and ect. I appreciate the help.
0
 
LVL 17

Expert Comment

by:anandkp
ID: 9872264
OOPS !

that wld have real tough for us to figure out :)

gr8 going !

Cheers
Anand

0
 
LVL 14

Expert Comment

by:Renante Entera
ID: 9872300
Good !

I am happy that you have resolved your problem.

I don't even what really causes the problem.

Regards!
eNTRANCE2002 :-)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
URL redirect 4 51
Problem to Eclipse 16 118
Has my website been infiltrated? 21 64
Public IP Address Amazon Servers 2 44
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now