• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 745
  • Last Modified:

OnRequestStart - Security Sign on and Request Page Setup together

I have made use of the Application.cfc and the OnRequestStart to require a security signon. I have a new application that uses the OnRequestStart to setup the Request argument for each page processes.

I need to add the security feature but I do not know how to get both to work under OnRequestStart. I tried to copy one with the other and got error saying "missing /cffunction" . I also tried naming one as "OnRequestStart" and the other as "OnRequest"  Result: I either get the secuirty screen working but it will no longer go to the index.cfm page. Or I get to my index.cfm without a needed security signon.

How do I get both to work>>>??????

Here is my code:

<cfcomponent
      output="false"
      hint="Handles the application-level event handlers and application settings.">
      
      
      <!--- Define application settings. --->
           <cfset THIS.Name = "events" />
        <cfset THIS.sessionmanagement="Yes">
        <cfset THIS.clientmanagement="Yes">
        <cfset THIS.setclientcookies="Yes">
        <cfset THIS.loginstorage="session">
        <cfset THIS.sessiontimeout="#createtimespan(0,1,0,0)#">
        <cfset THIS.applicationtimeout="#createtimespan(0,4,0,0)#">

        <cfset REQUEST.Source = "RQITest" />

      <!--- Define page request settings. --->
      <cfsetting
            showdebugoutput="true"
            requesttimeout="20"
            />

      
  <cffunction name="onApplicationStart" returnType="boolean" output="false">
    <!--- When did the application start? --->
    <cfset APPLICATION.appStarted = now()>

    <cfreturn true>
  </cffunction>

  <cffunction name="onApplicationEnd" returnType="void" output="false">
    <cfargument name="appScope" required="true">

    <!--- Log how many minutes the application stayed alive --->
    <cflog file="#THIS.name#" text=
"App ended after #dateDiff('n',ARGUMENTS.appScope.appStarted,now())# minutes.">

  </cffunction>


      <cffunction
            name="OnRequest">
            
                  <!--- If user is not logged in, force them to now --->
      <cfif NOT IsDefined("Session.Auth.IsloggedIn")>
      <!--- If the user is now submitting "login" form, include Login Check" code to validate user --->
                  <cfif IsDefined("Form.UserLogin")>
                              <cfinclude template="home/LoginCheck.cfm">
                  </cfif>
            
            <cfinclude template="home/Login.cfm">
       <cfabort>
      </cfif>
  </cffunction>      
 


<cffunction
            name="OnRequestStart"
            access="public"
            returntype="boolean"
            output="false"
            hint="Fires the initial pre-page processing event.">
            
            <!--- Define arguments. --->
            <cfargument
                  name="Page"
                  type="string"
                  required="true"
                  hint="The ColdFusion script who's execution has been requested."
                  />
            

            <cfset REQUEST.DSN = StructNew() />
            <cfset REQUEST.DSN.Source = "RQITest" />
            <cfreturn true />
      </cffunction>

      
            
</cfcomponent>
0
mahpog
Asked:
mahpog
1 Solution
 
_agx_Commented:
Hi mahpog,

There are at least two ways you could do this

1)  Do everything in the OnRequestStart method and remove the OnRequest method (OR)
2)  Do the security check in OnRequestStart.  

Be aware that when you use the OnRequest method you _must_ explicitly <cfinclude> the requested page yourself.  Otherwise nothing will happen.  ie You will just get a blank screen.

Also, the security check should test the value of Session.Auth.IsloggedIn as well.  If the value is "false" the user should be redirected to the login page.


=====================================
OPTION # 1   (NOTE: There is no OnRequest Method)
=====================================
 
....
<cffunction name="OnRequestStart" access="public" output="false">
	<cfargument name="Page" 
		type="string" 
		required="true"
		hint="The ColdFusion script who's execution has been requested." />
 
	<!--- Check the variable AND its value --->
	<!--- You could also set a default value in OnSessionStart --->
   	<cfif NOT IsDefined("Session.Auth.IsloggedIn") OR NOT Session.Auth.IsloggedIn>
		<cfif IsDefined("Form.UserLogin")>
        	<cfinclude template="home/LoginCheck.cfm" />
		<cfelse>
	       	<cfinclude template="home/Login.cfm" />
        </cfif>
		<cfabort />
	</cfif>
 
	<cfset REQUEST.DSN = StructNew() />
    <cfset REQUEST.DSN.Source = "RQITest" />
</cffunction>
....
 
 
=====================================
OPTION # 2 (Use both OnRequest and OnRequestStart)
=====================================
 
....
<cffunction name="OnRequest" returntype="void" access="public">
	<cfargument name="Page" 
		type="string" 
		required="true"
		hint="The ColdFusion script who's execution has been requested." />
 
	<cfset REQUEST.DSN = StructNew() />
    <cfset REQUEST.DSN.Source = "RQITest" />
	<cfinclude template="#arguments.page#" />
</cffunction>      
 
 
<cffunction name="OnRequestStart" access="public" output="false">
	<cfargument name="Page" 
		type="string" 
		required="true"
		hint="The ColdFusion script who's execution has been requested." />
 
	<!--- Check the variable AND its value --->
	<!--- You could also set a default value in OnSessionStart --->
   	<cfif NOT IsDefined("Session.Auth.IsloggedIn") OR NOT Session.Auth.IsloggedIn>
		<cfif IsDefined("Form.UserLogin")>
        	<cfinclude template="home/LoginCheck.cfm" />
		<cfelse>
	       	<cfinclude template="home/Login.cfm" />
        </cfif>
		<cfabort />
	</cfif>
</cffunction>
....

Open in new window

0
 
mahpogAuthor Commented:
Both examples worked great. I am happy to see a solution. I have all the Coldfusion Books, and there are no examples of combined situations as mine. Thanks!
0

Featured Post

2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

Tackle projects and never again get stuck behind a technical roadblock.
Join Now