Login System - Storing UserID

Having a few issues with my login system, the problem basically is that the userid is showing as the last person that logged into the browser instead of the currently logged in user ??

Any ideas ??

The Code: -

<cfapplication name="IntranetBeta" sessionmanagement="yes" clientmanagement="yes" clientstorage="CFMXVars">

<!--- Setup Request Variables for Intranet --->
<cfset REQUEST.dsn = "bd1">
<cfset REQUEST.intranetversion = "Intranet v1.00">

<!--- Sets Locale to English UK  --->
<cfset SetLocale("English (UK)")>

<cfif IsDefined("FORM.logout")>
   <cflogout>
</cfif>

<!--- Force The User To Login, if not already done so --->
<cflogin>
   <cfif NOT IsDefined("cflogin")>
      <cfinclude template="LoginSystem/dsp_LoginForm.cfm">
      <cfabort>
      <cfelse>
         <cfif cflogin.name IS "" OR cflogin.password IS "">
            <cfoutput>
               <br /><br />
               <p align="center"><b style='color:red'>Username & Password Must Be Entered</b></p>
            </cfoutput>
            <cfinclude template="/loginsystem/dsp_loginform.cfm">
            <cfabort>
         <cfelse>
            <!--- Select UserID and Roles  --->
            <cfstoredproc procedure="spSelect_Login_Query" datasource="#REQUEST.dsn#">
               <cfprocparam type="In" maxlength="50" cfsqltype="cf_sql_varchar" value="#cflogin.name#" null="no">
               <cfprocparam type="In" maxlength="50" cfsqltype="cf_sql_varchar" value="#cflogin.password#" null="no">
               <cfprocresult name="Get_LoginQuery">
            </cfstoredproc>
                  
                  
            <cfif Get_LoginQuery.Roles NEQ "">
               <cfloginuser name="#cflogin.name#" Password = "#cflogin.password#" roles="#Get_LoginQuery.Roles#">
               <!--- This isnt working properly !!! --->
               <cfset SESSION.userid = Get_LoginQuery.userid>      
            <cfelse>
               <cfoutput>
                  <br /><br >
                  <p align="center"><b style='color:red'>Login failed check Username & Password</p>
               </cfoutput>  
               <cfinclude template="/LoginSystem/dsp_LoginForm.cfm">
               <cfabort>
            </cfif>
         </cfif>
   </cfif>
</cflogin>
jturkingtonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PluckaCommented:
jturkington,

I don't see the code that is displaying the userid?

Regards
Plucka
0
digicidalCommented:
At a guess I would assume that you are not using J2EE session variables?  The other possibility is that you need to destroy the session.userid value upon logout and you are not doing this?

One thing I've done that works great is store everything I want available in session data in a structure (I usually use a key of 'user' for this).  So to store the user id of a logged in user put it in Session.User.UserID rather than Session.UserID.  You can create the structure either onSessionStart() - in application.cfc or you can simply do a Session.User = StructNew() prior to storing anything in it.

Then store anything else you want for the user in this structure with appropriate keys.

When they log out you can either structDelete(session,'user') - this is good if you create the structure during the actual login process; or you can do another Session.User = StructNew() - which is good if you create the structure in application.cfc using the onSessionStart() method because they will now have a new and blank structure to operate in if they choose to log back into the application immediately (i.e. switch users).

In either case, if you're using J2EE sessions they will auto-expire as soon as the browser window is closed so in that case you're dealing with a whole new user and your app should work fine no matter what.
0
jturkingtonAuthor Commented:
Thanks digicidal for the advice, no i am not using J2EE session variables i enabled this and it seemed to work fine for a while and then everything crashed with a JRUN CLOSED CONNECTION message.

I have a CFLOGOUT button on the app so users can log off, but 9 times out of ten they just close the browser which i think is causing the problems.

Digicidal can you give me an example on how i can incorporate the Session User Structure into my code above

Thanks

JT
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

digicidalCommented:
Try replacing this:

<!--- This isnt working properly !!! --->
        <cfset SESSION.userid = Get_LoginQuery.userid>

With this:
<!--- This should work better for you !!! --->
        <cfset SESSION.User = structNew()>
        <cfset SESSION.User.userid = Get_LoginQuery.userid>

Now you have your structure... you can store anything you want in it by supplying new keys for the adds.  Like so:
<cfset SESSION.User.SomeOtherValue = REQUEST.TheValueToStoreThere>
(Since your SESSION scope is basically a structure of structures you can store other structures or arrays, etc...)

Then in your logout processing... instead of this...
<cfif IsDefined("FORM.logout")>
   <cflogout>
</cfif>

Use this instead...
<cfif IsDefined("FORM.logout")>
    <cfset temp=structDelete(SESSION,"User")>
    <cflogout>
</cfif>

BTW... I've stopped using the <cflogin><cflogout> construct in favor of my own.  This should work just fine with it, but in general I shy away from code I'm not in control of that just 'works' since the bugs are invisible to me.  You can simply use <cfif IsDefined("SESSION.User.userid") AND IsNumeric(SESSION.User.UserID)> anywhere you want to verify that the user is currently logged in.  If they are idle too long then SESSION doesn't exist (hence the conditional fails) and if for some reason there is nothing or something other than a valid UserID stored in SESSION.User.userid then it will fail as well.  Just food for thought.  I think this will work well for you.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
digicidalCommented:
As far as your 'JRUN CLOSED CONNECTION' error you should read this:

http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_19301

That should help eliminate that in the future or will at the very least allow you to understand the reason for it occurring.
0
digicidalCommented:
I'm assuming that the problem with the java error was resolved by the tech entry, but since no feedback occurred after the session handling code I put up was tried, I don't know for sure if it helped.
0
jturkingtonAuthor Commented:
digicidal, sorry for not replying sooner i got sidetracked as always LOL !

Thanks for the code above and the knowledgebase article

JT  
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.