• Status: Solved
  • Priority: Medium
  • Security: Public

Login System - Storing UserID

Having a few issues with my login system, the problem basically is that the userid is showing as the last person that logged into the browser instead of the currently logged in user ??

Any ideas ??

The Code: -

<cfapplication name="IntranetBeta" sessionmanagement="yes" clientmanagement="yes" clientstorage="CFMXVars">

<!--- Setup Request Variables for Intranet --->
<cfset REQUEST.dsn = "bd1">
<cfset REQUEST.intranetversion = "Intranet v1.00">

<!--- Sets Locale to English UK  --->
<cfset SetLocale("English (UK)")>

<cfif IsDefined("FORM.logout")>
   <cflogout>
</cfif>

<!--- Force The User To Login, if not already done so --->
<cflogin>
   <cfif NOT IsDefined("cflogin")>
      <cfinclude template="LoginSystem/dsp_LoginForm.cfm">
      <cfabort>
      <cfelse>
         <cfif cflogin.name IS "" OR cflogin.password IS "">
            <cfoutput>
               <br /><br />
               <p align="center"><b style='color:red'>Username & Password Must Be Entered</b></p>
            </cfoutput>
            <cfinclude template="/loginsystem/dsp_loginform.cfm">
            <cfabort>
         <cfelse>
            <!--- Select UserID and Roles  --->
            <cfstoredproc procedure="spSelect_Login_Query" datasource="#REQUEST.dsn#">
               <cfprocparam type="In" maxlength="50" cfsqltype="cf_sql_varchar" value="#cflogin.name#" null="no">
               <cfprocparam type="In" maxlength="50" cfsqltype="cf_sql_varchar" value="#cflogin.password#" null="no">
               <cfprocresult name="Get_LoginQuery">
            </cfstoredproc>
                  
                  
            <cfif Get_LoginQuery.Roles NEQ "">
               <cfloginuser name="#cflogin.name#" Password = "#cflogin.password#" roles="#Get_LoginQuery.Roles#">
               <!--- This isnt working properly !!! --->
               <cfset SESSION.userid = Get_LoginQuery.userid>      
            <cfelse>
               <cfoutput>
                  <br /><br />
                  <p align="center"><b style='color:red'>Login failed check Username &amp; Password</b></p>
               </cfoutput>  
               <cfinclude template="/LoginSystem/dsp_LoginForm.cfm">
               <cfabort>
            </cfif>
         </cfif>
   </cfif>
</cflogin>
0
jturkington
Asked:
1 Solution
 
Plucka Commented:
jturkington,

I don't see the code that is displaying the userid?

Regards
Plucka
0
 
digicidal Commented:
At a guess I would assume that you are not using J2EE session variables?  The other possibility is that you need to destroy the session.userid value upon logout and you are not doing this?

One thing I've done that works great is store everything I want available in session data in a structure (I usually use a key of 'user' for this).  So to store the user id of a logged in user put it in Session.User.UserID rather than Session.UserID.  You can create the structure either onSessionStart() - in application.cfc or you can simply do a Session.User = StructNew() prior to storing anything in it.

Then store anything else you want for the user in this structure with appropriate keys.

When they log out you can either structDelete(session,'user') - this is good if you create the structure during the actual login process; or you can do another Session.User = StructNew() - which is good if you create the structure in application.cfc using the onSessionStart() method because they will now have a new and blank structure to operate in if they choose to log back into the application immediately (i.e. switch users).

In either case, if you're using J2EE sessions they will auto-expire as soon as the browser window is closed so in that case you're dealing with a whole new user and your app should work fine no matter what.
0
 
jturkington (Author) Commented:
Thanks digicidal for the advice. No, I am not using J2EE session variables; I enabled this and it seemed to work fine for a while, and then everything crashed with a JRUN CLOSED CONNECTION message.

I have a CFLOGOUT button on the app so users can log off, but 9 times out of ten they just close the browser, which I think is causing the problems.

Digicidal, can you give me an example of how I can incorporate the Session User Structure into my code above?

Thanks

JT
0
 
digicidal Commented:
Try replacing this:

<!--- This isnt working properly !!! --->
        <cfset SESSION.userid = Get_LoginQuery.userid>

With this:
<!--- This should work better for you !!! --->
        <cfset SESSION.User = structNew()>
        <cfset SESSION.User.userid = Get_LoginQuery.userid>

Now you have your structure... you can store anything you want in it by supplying new keys for the adds.  Like so:
<cfset SESSION.User.SomeOtherValue = REQUEST.TheValueToStoreThere>
(Since your SESSION scope is basically a structure of structures you can store other structures or arrays, etc...)

Then in your logout processing... instead of this...
<cfif IsDefined("FORM.logout")>
   <cflogout>
</cfif>

Use this instead...
<cfif IsDefined("FORM.logout")>
    <cfset temp=structDelete(SESSION,"User")>
    <cflogout>
</cfif>

BTW... I've stopped using the <cflogin><cflogout> construct in favor of my own.  This should work just fine with it, but in general I shy away from code I'm not in control of that just 'works' since the bugs are invisible to me.  You can simply use <cfif IsDefined("SESSION.User.userid") AND IsNumeric(SESSION.User.UserID)> anywhere you want to verify that the user is currently logged in.  If they are idle too long then SESSION doesn't exist (hence the conditional fails) and if for some reason there is nothing or something other than a valid UserID stored in SESSION.User.userid then it will fail as well.  Just food for thought.  I think this will work well for you.
0
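The suggestions in the post above, combined into one Application.cfm fragment (an added example, not code from any poster in this thread). The SESSION.User.name key, the cflock usage and the guard after </cflogin> are assumptions of this example: the guard discards session data whenever it does not belong to the user that cflogin currently reports through GetAuthUser().

```cfml
<!--- Added example: goes after <cfapplication> in Application.cfm.
      SESSION.User.name and the guard block are this example's additions. --->
<cfif IsDefined("FORM.logout")>
   <cflock scope="session" type="exclusive" timeout="10">
      <cfset StructDelete(SESSION, "User")>
   </cflock>
   <cflogout>
</cfif>

<cflogin>
   <cfif NOT IsDefined("cflogin") OR cflogin.name IS "" OR cflogin.password IS "">
      <cfinclude template="LoginSystem/dsp_LoginForm.cfm">
      <cfabort>
   </cfif>
   <cfstoredproc procedure="spSelect_Login_Query" datasource="#REQUEST.dsn#">
      <cfprocparam type="In" maxlength="50" cfsqltype="cf_sql_varchar" value="#cflogin.name#" null="no">
      <cfprocparam type="In" maxlength="50" cfsqltype="cf_sql_varchar" value="#cflogin.password#" null="no">
      <cfprocresult name="Get_LoginQuery">
   </cfstoredproc>
   <cfif Get_LoginQuery.Roles IS "">
      <cfinclude template="LoginSystem/dsp_LoginForm.cfm">
      <cfabort>
   </cfif>
   <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="#Get_LoginQuery.Roles#">
   <!--- Replace, never merge: a fresh struct cannot carry the previous user's keys --->
   <cflock scope="session" type="exclusive" timeout="10">
      <cfset SESSION.User = StructNew()>
      <cfset SESSION.User.userid = Get_LoginQuery.userid>
      <cfset SESSION.User.name = cflogin.name>
   </cflock>
</cflogin>

<!--- Guard, every request: session data must match the user cflogin vouches for --->
<cfset sessionIsCurrent = false>
<cflock scope="session" type="readonly" timeout="10">
   <cfif IsDefined("SESSION.User.userid") AND IsNumeric(SESSION.User.userid)
         AND IsDefined("SESSION.User.name")
         AND CompareNoCase(SESSION.User.name, GetAuthUser()) EQ 0>
      <cfset sessionIsCurrent = true>
   </cfif>
</cflock>
<cfif NOT sessionIsCurrent>
   <!--- Missing or stale data: clear it, end the login, ask for credentials again --->
   <cflock scope="session" type="exclusive" timeout="10">
      <cfset StructDelete(SESSION, "User")>
   </cflock>
   <cflogout>
   <cfinclude template="LoginSystem/dsp_LoginForm.cfm">
   <cfabort>
</cfif>
```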
 
digicidal Commented:
As far as your 'JRUN CLOSED CONNECTION' error you should read this:

http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_19301

That should help eliminate that in the future or will at the very least allow you to understand the reason for it occurring.
0
 
digicidal Commented:
I'm assuming that the problem with the java error was resolved by the tech entry, but since no feedback occurred after the session handling code I put up was tried, I don't know for sure if it helped.
0
 
jturkington (Author) Commented:
digicidal, sorry for not replying sooner, I got sidetracked as always LOL!

Thanks for the code above and the knowledgebase article.

JT  
0
