Solved

Roles don't refresh after log out

Posted on 2004-05-03
5
170 Views
Last Modified: 2013-12-24
I have a cflogin-based application.  I have a typical setup with the suggested cflogin structure in the web application construction kit and in the CFdocs.  I have a user interface that allows an admin to update a user's roles.  The problem is that when a user logs in after the roles have been updated, they still have access to all the pages they did before.  How can I make the CF application server requery roles every time a user logs in?  
0
Comment
Question by:OmegaProgrammer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 17

Expert Comment

by:anandkp
ID: 10977019
well i guess this is a browser cache issue

purge ur browser cache & chk again - it shld !
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 10978707
If you are storing the information in  cookies then you may need to clear the user cookies and re-write them.
0
 

Author Comment

by:OmegaProgrammer
ID: 10980967
Well I'm storing the login information in the cfloginuser structure and using the IsUserInRole function.  I assumed that when I ran the cflogout command that it would clear it, but apparently it doesn't.  Any suggestions?
0
 
LVL 35

Accepted Solution

by:
mrichmon earned 500 total points
ID: 10981376
From the cold fusion web app construction kit:

"Behind the scenes the <cflogin> framework sets a cookie on the browser machine to remember the user has logged in"

So it is possible that the cookie is not getting cleared.

Additionally you may want to try using the optional attribute IDLETIMEOUT="seconds"

The default is 1800 seconds (30 min).  You could try setting this to 300 (5 min) and see what happens....
0
 
LVL 2

Expert Comment

by:LeaperJPD
ID: 10991334
I think this would be related to the session variables / etc. that coldfusion uses.  Stuff this code into the onrequestend.cfm template for the application in question.

 <cfif IsDefined("cookie.CFID")>
 <cfcookie name="CFID" value="#cookie.CFID#">
</cfif>
<cfif IsDefined("cookie.CFToken")>
 <cfcookie name="CFToken" value="#cookie.CFToken#">
</cfif>

or just put that code at the end of each page where you expect the user to log out, but DO NOT use it after a cflocation or it won't work.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question