jturkington
asked on
Login System - Storing UserID
Having a few issues with my login system, the problem basically is that the userid is showing as the last person that logged into the browser instead of the currently logged in user ??
Any ideas ??
The Code: -
<cfapplication name="IntranetBeta" sessionmanagement="yes" clientmanagement="yes" clientstorage="CFMXVars">
<!--- Setup Request Variables for Intranet --->
<cfset REQUEST.dsn = "bd1">
<cfset REQUEST.intranetversion = "Intranet v1.00">
<!--- Sets Locale to English UK --->
<cfset SetLocale("English (UK)")>
<cfif IsDefined("FORM.logout")>
<cflogout>
</cfif>
<!--- Force The User To Login, if not already done so --->
<cflogin>
<cfif NOT IsDefined("cflogin")>
<cfinclude template="LoginSystem/dsp_
<cfabort>
<cfelse>
<cfif cflogin.name IS "" OR cflogin.password IS "">
<cfoutput>
<br /><br />
<p align="center"><b style='color:red'>Username
</cfoutput>
<cfinclude template="/loginsystem/dsp
<cfabort>
<cfelse>
<!--- Select UserID and Roles --->
<cfstoredproc procedure="spSelect_Login_
<cfprocparam type="In" maxlength="50" cfsqltype="cf_sql_varchar"
<cfprocparam type="In" maxlength="50" cfsqltype="cf_sql_varchar"
<cfprocresult name="Get_LoginQuery">
</cfstoredproc>
<cfif Get_LoginQuery.Roles NEQ "">
<cfloginuser name="#cflogin.name#" Password = "#cflogin.password#" roles="#Get_LoginQuery.Rol
<!--- This isnt working properly !!! --->
<cfset SESSION.userid = Get_LoginQuery.userid>
<cfelse>
<cfoutput>
<br /><br >
<p align="center"><b style='color:red'>Login failed check Username & Password</p>
</cfoutput>
<cfinclude template="/LoginSystem/dsp
<cfabort>
</cfif>
</cfif>
</cfif>
</cflogin>
Any ideas ??
The Code: -
<cfapplication name="IntranetBeta" sessionmanagement="yes" clientmanagement="yes" clientstorage="CFMXVars">
<!--- Setup Request Variables for Intranet --->
<cfset REQUEST.dsn = "bd1">
<cfset REQUEST.intranetversion = "Intranet v1.00">
<!--- Sets Locale to English UK --->
<cfset SetLocale("English (UK)")>
<cfif IsDefined("FORM.logout")>
<cflogout>
</cfif>
<!--- Force The User To Login, if not already done so --->
<cflogin>
<cfif NOT IsDefined("cflogin")>
<cfinclude template="LoginSystem/dsp_
<cfabort>
<cfelse>
<cfif cflogin.name IS "" OR cflogin.password IS "">
<cfoutput>
<br /><br />
<p align="center"><b style='color:red'>Username
</cfoutput>
<cfinclude template="/loginsystem/dsp
<cfabort>
<cfelse>
<!--- Select UserID and Roles --->
<cfstoredproc procedure="spSelect_Login_
<cfprocparam type="In" maxlength="50" cfsqltype="cf_sql_varchar"
<cfprocparam type="In" maxlength="50" cfsqltype="cf_sql_varchar"
<cfprocresult name="Get_LoginQuery">
</cfstoredproc>
<cfif Get_LoginQuery.Roles NEQ "">
<cfloginuser name="#cflogin.name#" Password = "#cflogin.password#" roles="#Get_LoginQuery.Rol
<!--- This isnt working properly !!! --->
<cfset SESSION.userid = Get_LoginQuery.userid>
<cfelse>
<cfoutput>
<br /><br >
<p align="center"><b style='color:red'>Login failed check Username & Password</p>
</cfoutput>
<cfinclude template="/LoginSystem/dsp
<cfabort>
</cfif>
</cfif>
</cfif>
</cflogin>
At a guess I would assume that you are not using J2EE session variables? The other possibility is that you need to destroy the session.userid value upon logout and you are not doing this?
One thing I've done that works great is store everything I want available in session data in a structure (I usually use a key of 'user' for this). So to store the user id of a logged in user put it in Session.User.UserID rather than Session.UserID. You can create the structure either onSessionStart() - in application.cfc or you can simply do a Session.User = StructNew() prior to storing anything in it.
Then store anything else you want for the user in this structure with appropriate keys.
When they log out you can either structDelete(session,'user
In either case, if you're using J2EE sessions they will auto-expire as soon as the browser window is closed so in that case you're dealing with a whole new user and your app should work fine no matter what.
One thing I've done that works great is store everything I want available in session data in a structure (I usually use a key of 'user' for this). So to store the user id of a logged in user put it in Session.User.UserID rather than Session.UserID. You can create the structure either onSessionStart() - in application.cfc or you can simply do a Session.User = StructNew() prior to storing anything in it.
Then store anything else you want for the user in this structure with appropriate keys.
When they log out you can either structDelete(session,'user
In either case, if you're using J2EE sessions they will auto-expire as soon as the browser window is closed so in that case you're dealing with a whole new user and your app should work fine no matter what.
ASKER
Thanks digicidal for the advice, no i am not using J2EE session variables i enabled this and it seemed to work fine for a while and then everything crashed with a JRUN CLOSED CONNECTION message.
I have a CFLOGOUT button on the app so users can log off, but 9 times out of ten they just close the browser which i think is causing the problems.
Digicidal can you give me an example on how i can incorporate the Session User Structure into my code above
Thanks
JT
I have a CFLOGOUT button on the app so users can log off, but 9 times out of ten they just close the browser which i think is causing the problems.
Digicidal can you give me an example on how i can incorporate the Session User Structure into my code above
Thanks
JT
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As far as your 'JRUN CLOSED CONNECTION' error you should read this:
http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_19301
That should help eliminate that in the future or will at the very least allow you to understand the reason for it occurring.
http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_19301
That should help eliminate that in the future or will at the very least allow you to understand the reason for it occurring.
I'm assuming that the problem with the java error was resolved by the tech entry, but since no feedback occurred after the session handling code I put up was tried, I don't know for sure if it helped.
ASKER
digicidal, sorry for not replying sooner i got sidetracked as always LOL !
Thanks for the code above and the knowledgebase article
JT
Thanks for the code above and the knowledgebase article
JT
I don't see the code that is displaying the userid?
Regards
Plucka