Cookies & Coldfusion

LelloLello
I have a members site.

I received a call from Lina, saying that when she logs in to her online member account she is seeing Joe's account as opposed to hers.

So here is what happens:
Joe came to Lina's desk yesterday (as she has the company VISA). She did this for another employee the previous week as well and that worked fine.

She tried to log in to Joe's account from her computer in the past.
Joe and she use different computers. They have Internet Explorer version 8. She has paid dues for her staff in prior years and she's never experienced this problem before.

So in that case, what does she have to do to clean her cookies?

We're using cookies for login criteria. So what should she do? Clean cookies, or what do I have to do? Is there a function in ColdFusion to clean all cookies?
Commented:
If you go into the Internet Options you will find (under General) the option to delete temporary files. There is also a settings option that allows a whitelist for some sites and blocks others.

Cd&
You shouldn't have to clear web cookies and cache in order for your application to thoroughly logout one user in order to login another.

We have to look at how you are keeping the user's session and how you are clearing it on logout.   There should be no problem with one person logging off and another logging in.

Can you share some of your login code and logout code... just the part around the session variables or cookies or whatever you are using to keep their login.

Author

Commented:
Thank you, Gdemaria, for your reply. Do you think that person didn't log out? It's working fine on my computer: I've logged in with her login, then I logged out; then I logged in with his login and I logged out. So I didn't see that problem on my end. Do you think this is something on her end, that she has to make sure to log out after every session? What is your recommendation? Thank you for your time!!

Here is my login code.

<CFSET isError="False">
<cfparam name="Form.RememberLogin" default="No">
<cfparam name="Task" default="">
<cfparam name="Form.LoginName" default="">
<cfparam name="Lang" default="E">

<cfset LAng=UCase(Lang)>
<cfif Lang eq 'E'>
	<cfset EmailLogin="index_e">
<cfelse>
	<cfset EmailLogin="index_f">
</cfif>

<CFIF Task EQ "ClientLogin">
	<cfif #LEN(TRIM(Form.LoginName))# EQ 0>
		<CFLOCATION URL="#EmailLogin#.cfm?Task=FailedLogin" addtoken="no">
	</cfif>

	<!--- Form input is bound with cfqueryparam rather than interpolated into the SQL --->
	<CFQUERY NAME="CheckUser" DATASOURCE="ac" username="#application.username#" password="#application.password#">
	SELECT *
	FROM users
	WHERE login = <cfqueryparam value="#Form.LoginName#" cfsqltype="cf_sql_varchar">
	AND password = <cfqueryparam value="#Form.password#" cfsqltype="cf_sql_varchar">
	AND bln_webinar_only = 0
	</CFQUERY>

	<CFIF CheckUser.RecordCount LTE 0>
		<!--- Failed login: wipe all client variables and go back to the login form --->
		<CFLOOP INDEX="x" LIST="#GetClientVariablesLIST()#">
			<cfset deleted=deleteClientvariable("#x#")>
		</cfloop>
		<CFLOCATION URL="#EmailLogin#.cfm?Task=FailedLogin&added=#EmailLogin#" addtoken="no">
	</CFIF>

	<cfif Form.RememberLogin eq "Yes">
		<cfcookie name="LoginName" value="#Form.LoginName#" expires="NEVER">
	<cfelse>
		<cfcookie name="LoginName" value="" expires="NOW">
	</cfif>
	<CFLOOP INDEX="x" LIST="#GetClientVariablesLIST()#">
		<cfset deleted=deleteClientvariable("#x#")>
	</cfloop>
	<!--- Create the Session Variables--->
	<CFSET Client.STARTED=TRUE>
	<CFSET Client.USER_NAME="#CheckUser.lastname# ,#CheckUser.firstname#">
	<CFCOOKIE NAME="CFID" VALUE="#Client.CFID#">
	<CFCOOKIE NAME="CFTOKEN" VALUE="#Client.CFTOKEN#">
	<CFSET LOGIN="Yes">
	<CFSET Client.isEnrollee="#CheckUser.cia_enrollee#">
	<CFSET Client.user_id="#CheckUser.user_id#">
	<CFSET Client.Language="#Language#">
	<CFSET Client.isAdmin="No">

	<CFQUERY NAME="FELLOW" DATASOURCE="ac" username="#application.username#" password="#application.password#">
	SELECT DISTINCT ENROLLEE_ID_NUMBER, REF_ID
	FROM USERS, ENROLLEES
	WHERE ((USERS.USER_ID = #CheckUser.user_id#) AND (ENROLLEES.ENROLLEE_ID_NUMBER = USERS.ID_NUMBER)) AND (ENROLLEES.ENROLLEE_TYPE = 'FL' OR ENROLLEES.ENROLLEE_TYPE = 'FLX')
	</CFQUERY>

	<CFIF #FELLOW.RecordCount# GT 0>
		<CFSET "cLIENT.FL" = "1">
	<CFELSE>
		<CFSET "CLIENT.FL" = "0">
	</CFIF>

	<CFQUERY NAME="ID_NUMBER" DATASOURCE="ac" username="#application.username#" password="#application.password#">
	SELECT ENROLLEE_ID_NUMBER
	FROM USERS, ENROLLEES
	WHERE (USERS.USER_ID = #CheckUser.user_id#) AND (ENROLLEES.ENROLLEE_ID_NUMBER = USERS.ID_NUMBER)
	</CFQUERY>

	<CFSET "CLIENT.ID_NUMBER" = "#ID_NUMBER.ENROLLEE_ID_NUMBER#">

	<CFQUERY NAME="CC" DATASOURCE="ac" username="#application.username#" password="#application.password#">
	SELECT count(USERS.USER_ID) as RCount
	FROM USERS, ENROLLEES, CTTEE_ACTIVITY, CTTEE_POSITIONS
	WHERE ((USERS.USER_ID = #CheckUser.user_id#) AND (ENROLLEES.ENROLLEE_ID_NUMBER = USERS.ID_NUMBER) AND (ENROLLEES.ENROLLEE_ID_NUMBER = CTTEE_ACTIVITY.ID)) AND ((CTTEE_ACTIVITY.ACTIVITY_TYPE = 'COMMITTEE') AND (CTTEE_ACTIVITY.ACTION_CODES = CTTEE_POSITIONS.POSITION_CODE) AND (CTTEE_POSITIONS.RANK < '19') AND (CTTEE_ACTIVITY.THRU_DATE > getdate()))
	</CFQUERY>

	<CFQUERY NAME="CC2" DATASOURCE="ac" username="#application.username#" password="#application.password#">
	SELECT count(USERS.USER_ID) as RCount
	FROM USERS, ENROLLEES, CTTEE_ACTIVITY
	WHERE ((USERS.USER_ID = #CheckUser.user_id#) AND (ENROLLEES.ENROLLEE_ID_NUMBER = USERS.ID_NUMBER) AND (ENROLLEES.ENROLLEE_ID_NUMBER = CTTEE_ACTIVITY.ID)) AND ((CTTEE_ACTIVITY.ACTIVITY_TYPE = 'COMMITTEE') AND (CTTEE_ACTIVITY.OTHER_CODE = 'CVI') AND (CTTEE_ACTIVITY.THRU_DATE > getdate()))
	</CFQUERY>

	<CFQUERY NAME="STAFF" DATASOURCE="ac" username="#application.username#" password="#application.password#">
	SELECT count(USERS.USER_ID) as RCount
	FROM USERS, ENROLLEES
	WHERE ((USERS.USER_ID = #CheckUser.user_id#) AND (ENROLLEES.ENROLLEE_ID_NUMBER = USERS.ID_NUMBER) AND (ENROLLEES.ENROLLEE_TYPE LIKE 'STF%'))
	</CFQUERY>

	<CFQUERY NAME="DP" DATASOURCE="ac" username="#application.username#" password="#application.password#">
	SELECT ENROLLEE_ID_NUMBER
	FROM ENROLLEES, CTTEE_ACTIVITY
	WHERE (ENROLLEES.ENROLLEE_ID_NUMBER = '693016')
	AND (ENROLLEES.ENROLLEE_ID_NUMBER = CTTEE_ACTIVITY.ID)
	AND (CTTEE_ACTIVITY.ACTIVITY_TYPE = 'COMMITTEE')
	AND (CTTEE_ACTIVITY.OTHER_CODE = 'DP')
	AND (CTTEE_ACTIVITY.ACTION_CODES = 'C')
	AND (CTTEE_ACTIVITY.THRU_DATE > getdate())
	</CFQUERY>

	<CFIF #CC.RCount# GT 0>
		<CFSET "client.CC" = "1">
	<CFELSEIF #CC2.RCount# GT 0>
		<CFSET "client.CC" = "1">
	<CFELSEIF #STAFF.RCount# GT 0>
		<CFSET "client.CC" = "1">
	<CFELSE>
		<CFSET "client.CC" = "0">
	</CFIF>

	<CFIF #DP.RecordCount# GT 0>
		<CFSET "CLIENT.DP" = "1">
	<CFELSE>
		<CFSET "CLIENT.DP" = "0">
	</CFIF>

	<!-- frames -->
	<!-- frames -->
	<cfoutput>
	<cfif Lang eq "E">
		<meta http-equiv="Refresh" content="0; URL=/members/security/email_e.cfm?Lang=#LANG#&Task=ClientLogin">
	<cfelse>
		<meta http-equiv="Refresh" content="0; URL=/members/security/email_f.cfm?Lang=#LANG#&Task=ClientLogin">
	</cfif>
	</cfoutput>
	<cfabort>
	<!---
	<cflocation URL="/members/account/login.cfm?Lang=#LANG#"> --->

<CFELSEIF Task IS "New">
	<cfif Lang eq "E">
	<meta http-equiv="Refresh" content="0; URL=create_new_account_e.cfm">
	<cfelse>
	<meta http-equiv="Refresh" content="0; URL=create_new_account_f.cfm">
	</cfif>
</CFIF>


Thanks for the code - I am not seeing where you check to see if a user is logged in or not.   You are placing several variables, but I am curious which one you use to see if the person is logged in.

I'm sorry to tell you this, but IMHO, you are not doing login appropriately at all.  

You need to use session-scoped variables to maintain a login, not client-scoped variables.   Client variables do not expire.   Session variables time out, and that is critical because most people do not click Logout, they just close their browser.   Your users are not getting logged out.

In general, I am not a fan of client variables, I've never used them - I don't see their benefit.   Variables to maintain a login session should be in the session scope, long term should be in the cookie.   Client variables often write to the registry and have lots of restrictions.

Sorry - But if I were you, I would rewrite this part.
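
A minimal sketch of the session-scoped login recommended in the answer above, added here as an example and not code posted by anyone in the thread. The application name, the 20-minute timeout, the public page list, the `/members/security/index_e.cfm` path, `clear_login.cfm` and `logout.cfm` are assumptions; the table, column and form field names come from the posted login code.

```cfml
<!--- ===== Application.cfc (added example, one per application root) ===== --->
<cfcomponent output="false">
	<cfset this.name = "membersSite"> <!--- assumed application name --->
	<cfset this.sessionManagement = true>
	<cfset this.sessionTimeout = createTimeSpan(0, 0, 20, 0)> <!--- assumed 20 minute idle limit --->
	<cfset this.clientManagement = false> <!--- login state no longer lives in Client.* --->

	<cffunction name="onRequestStart" returntype="boolean" output="false">
		<cfargument name="targetPage" type="string" required="true">
		<!--- Pages reachable without a login (assumed list) --->
		<cfset var publicPages = "index_e.cfm,index_f.cfm,EmailLoginValidate.cfm,logout.cfm">
		<cfif NOT listFindNoCase(publicPages, getFileFromPath(arguments.targetPage))
				AND NOT structKeyExists(session, "user_id")>
			<!--- Session timed out or nobody logged in: back to the login form --->
			<cflocation url="/members/security/index_e.cfm?Task=Expired" addtoken="no">
		</cfif>
		<cfreturn true>
	</cffunction>
</cfcomponent>

<!--- ===== clear_login.cfm (hypothetical include shared by login and logout) ===== --->
<cflock scope="session" type="exclusive" timeout="10">
	<cfloop list="#structKeyList(session)#" index="key">
		<!--- Keep ColdFusion's own session identifiers, drop everything the app stored --->
		<cfif NOT listFindNoCase("cfid,cftoken,sessionid,urltoken", key)>
			<cfset structDelete(session, key)>
		</cfif>
	</cfloop>
</cflock>

<!--- ===== Login handler fragment (stands in for the Client.* assignments) ===== --->
<cfparam name="Form.LoginName" default="">
<cfparam name="Form.password" default="">
<cfparam name="Lang" default="E">

<!--- The password comparison mirrors the posted schema; how it is stored is out of scope here --->
<cfquery name="CheckUser" datasource="ac" username="#application.username#" password="#application.password#">
	SELECT user_id, firstname, lastname
	FROM users
	WHERE login = <cfqueryparam value="#Form.LoginName#" cfsqltype="cf_sql_varchar">
	  AND password = <cfqueryparam value="#Form.password#" cfsqltype="cf_sql_varchar">
	  AND bln_webinar_only = 0
</cfquery>

<!--- Whoever used this browser before, their login state goes first --->
<cfinclude template="clear_login.cfm">

<cfif CheckUser.recordCount EQ 1>
	<cflock scope="session" type="exclusive" timeout="10">
		<cfset session.user_id = CheckUser.user_id>
		<cfset session.user_name = "#CheckUser.lastname#, #CheckUser.firstname#">
	</cflock>
	<cflocation url="/members/security/email_e.cfm?Lang=#urlEncodedFormat(Lang)#" addtoken="no">
<cfelse>
	<cflocation url="index_e.cfm?Task=FailedLogin" addtoken="no">
</cfif>

<!--- ===== logout.cfm (hypothetical) ===== --->
<cfinclude template="clear_login.cfm">
<cflocation url="index_e.cfm" addtoken="no">
```

Because every protected request is checked against `session.user_id`, a member who closes the browser without clicking Logout is signed out once the idle timeout passes, and the next login at that browser starts from an empty session.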

Author

Commented:
Here I'm checking to see if a user is logged in or not.

What do you think :) ? I like your advice, very professional. Please let me know.

<!---Set page-level variables for determining left nav display and nav highlighting--->
<cfset sec = "members-home">
<cfset subsec = "">
<cfset subsubsec = "">

<cfparam name="URL.Task" default=""> 
<cfparam name="FORM.LoginName" default="">
<cfparam name="LANG" default="E">
<!--- 
<CFIF ParameterExists(Task)>
	<CFIF Task NEQ "LogOut">
	<CFSET APPLICATION.APPLICATIONTIMEOUT="ac Enrollee Security Layer">
	</CFIF>
</CFIF> --->

<!--- Check if user already login --->
<cfif ISDEFINED("Client.Started") >
	<cflocation url="/members/security/email_e.cfm?Lang=#LANG#&Task=ClientLogin" addtoken="No">
</cfif>

<CFIF Task Eq "Hint">
	<cfif #Len(Trim(FORM.LoginName))# GT 0>
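	    <!--- Bind the form value instead of interpolating it into the SQL --->
	    <CFQUERY NAME="CheckUser" datasource="ac" username="#application.username#" password="#application.password#">
	    SELECT * 
	    FROM users
	    WHERE login = <cfqueryparam value="#FORM.LoginName#" cfsqltype="cf_sql_varchar">
	    </CFQUERY>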
	<CFELSE>
        <CFLOCATION URL="index_e.cfm?Task=FailedLogin">
	</CFIF>

      <CFIF CheckUser.RecordCount LTE 0>
        <CFLOCATION URL="index_e.cfm?Task=FailedLogin">
      </CFIF>
</CFIF>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>
	<title>Members Site | AC</title>
	<meta name="robots" content="noindex, follow"> 
	<cfinclude template="../includes/head_e.cfm">

<script language="JavaScript">
timeout = null;
win = null;

function OpenNewWin()
{
	if (win == null)
	{
		win = window.open("instructions_e.cfm", "small", "toolbar,menubar,scrollbars,resizable,width=480,height=300");
    }
	else
	{
		if (win.closed == true)
		{
			win = window.open("instructions_e.cfm", "small", "toolbar,menubar,scrollbars,resizable,width=480,height=300");			
		}
		else 
			win.focus();
	}

}
function kill_window(Window)
{
	if (Window != null)
	{
		if (Window.open)
		{
			win = null;
			Window.close();
		}
	}
	
}

</script>
<style type="text/css">
    .listtext {
      color: #FFFFFF;
      font-family: arial;
      font-size: 11px;
    }
    .listtext a {
      color: #FFFFFF;
      text-decoration: none;
    }
    .listtext a:hover {
      color: #FFFFFF;
      text-decoration: underline;
    }
  </style>
</head>

<body>

<cfinclude template="../includes/header_e.cfm">

<cfinclude template="../includes/menu_e.cfm">

<table align="center" border="0" cellpadding="0" cellspacing="0" width="1001">
<tr valign="top">
	<td width="17"><img src="../images/spacer.gif" alt="" width="17" height="1" border="0"></td>
	<td width="225" id="leftnav">
		<img src="../images/wrapper/options-spacer1.gif" alt="" width="225" height="21" border="0"><br>
		<img src="../images/wrapper/leftnav-top.gif" alt="" width="225" height="10" border="0"><br>
		<cfinclude template="../includes/leftnav_e.cfm">
		<img src="../images/spacer.gif" alt="" width="1" height="2" border="0"><br>
		<img src="../images/wrapper/leftnav-bottom.gif" alt="" width="225" height="95" border="0"><br>
        <!---<cfinclude template="../includes/leftnavbutton_e.cfm">---></td>
	<td width="36"><img src="../images/wrapper/options-spacer1.gif" alt="" width="36" height="21" border="0"></td>
	<td width="464">
		<cfinclude template="../includes/search_e.cfm">
		<div id="breadcrumbs">
<!--- START: Breadcrumbs --->
			<a href="../../index_e.cfm">Home Page</a> &gt; Members Site
<!---   END: Breadcrumbs --->
		</div>
		<div id="print-content">
<!--- START: Content Area --->
		<h1>Members Site</h1>

	<CFIF Task EQ "FirstLogin">
		<font face="arial" color="GREEN">
		<p><strong>Your account has been created.
		<BR> Please login to start a session.<br></strong></p>
		
	<CFELSEIF Task EQ "FailToCreate">
		
		<p><strong>There has been an error creating your account.
		<BR>Please 	contact the <a href=mailto:webmaster@ac.ca>webmaster@ac.ca</a> for support.</strong>		</p>
		
	<CFELSEIF Task EQ "LoginExists">
		
		<p><strong>The Login Name you typed already exists. <BR>If you already have an account with this Login Name click on "Ask for a Password Hint" button.<BR>If not, choose another Login Name.<BR>If difficulties persist, please contact the <a href=mailto:webmaster@ac.ca>webmaster@ac.ca</a> for support.</strong></p>
		
	<CFELSEIF Task EQ "InvalidID">
		
		<p>
		<strong>The system could not make a successful match of your identity.<br>
		Either, the typed ID number is wrong or your name is NOT the one we have on file at the CIA Secretariat.<br>
		Please follow the instructions below.
		</strong>
		</p>
	    <table border="0" width="100%"  cellspacing="0" cellpadding="0" class="qtable">
	    <tr>
	    <td>
		<strong>
		1- If you are certain that there are no differences between your Lastname and the one registered with the CIA Secretariat, try again typing in the correct ID &quot;Submit ID&quot;.<br>
	   <br>
		2- If you don't remember the exact ID number,<br>leave the ID Number window empty and click &quot;Request ID&quot;.
		<br>
		In this case you will be asked to provide the most recent<br>E-mail address that the CIA Secretariat has on file from you.<br>
	    <br>
	    
		</strong>
		</td>
	    </tr>
	    </table>
		<br>												
												
	<cfelseif URL.Task EQ "Expired">
		<p>Your login has expired.</p>
	<cfelseIF URL.TASK EQ "FailedLogin">	
		<strong>Sorry, that's not a valid login/password combination.</strong><br> 
		You may <strong>try again</strong> or create a <a href="EmailLoginValidate.cfm?Task=New"><strong>New Account</strong></a>.
	</CFIF>

	<h2>Login to your Account</h2>
	<form action="EmailLoginValidate.cfm?Task=ClientLogin&Lang=e" method="post">
		<table border="0" cellpadding="0" cellspacing="0" class="qtable" width="100%">
		<CFIF Task IS "Hint">
		<tr>
	    	<th align="left" valign="middle" class="qtable"><strong>Hint: </strong></th>
	    	<td><i><cfoutput>#CheckUser.hint#</cfoutput></i></td>
	    </tr>
		</cfIf>											

		<tr>
			<th align="left" valign="middle" class="qtable"><strong>Login Name:</strong></th>
			<td align="left" valign="top" class="qtable">
			<cfif ISDEFINED("Cookie.LoginName")>
				<cfset Variables.LoginName=#Cookie.LoginName#>
			<CFELSE>
				<cfset Variables.LoginName="">
			</cfif>
			<cfoutput>
			<CFIF Task IS "Hint" >													
				<input type="text" name="LoginName" value="#CheckUser.login#" size="40" maxlength="20">
			<CFELSE>
				<input type="text" name="LoginName" value="#Variables.LoginName#" size="40" maxlength="20">
			</CFIF></cfoutput>
			</td>
		</tr>
		<tr>
			<th align="left" valign="top" class="qtable" rowspan="2"><strong>Password:</strong></th>
			<td align="left" valign="top" class="qtable"><input type="password" name="password" value size="40" maxlength="20"></td>
		</tr>
		<tr>
			<td align="left" nowrap>
			<input type="checkbox" name="RememberLogin" value="Yes" <cfif Variables.LoginName NEQ ""> checked</cfif>>
			<strong><small>Remember my Login Name on this computer</small></strong>
			</td>
		</tr>		
		</table>
		<br>
		<table border="0" cellspacing="3" cellpadding="2" width="300">
		<tr>
			<td valign="top" align="left">
				<input type="Hidden" name="Language" value="English">
				<input type="submit" name="submit" value="Login!">
			</td>
		</TR>
	</form>
		<CFIF Task IS "Hint">											
		<TR>
	        <td width="100%" height="40"><strong><small>If you still cannot remember your password given the hint
	        above, please e-mail the <a href="mailto:webmaster@ac.ca">webmaster@ac.ca</a> for assistance.&nbsp;&nbsp; </small><br>
	        <small>Please include your full real name and CIA Identification Number in your e-mail for
	        verification purposes.</small></strong></td>
		</TR>											
		</CFIF>
		<TR>
			<form action="askhint_e.cfm" method="post">
	        <td valign="middle" align="left">
				<input type="submit" name="submit1" value="Ask for a password hint &raquo;">
			</td>
		</tr>
			</FORM>
		</table>
		

       </div>
	<cfIF URL.TASK EQ "FailedLogin">												
		<hr size="1" width="240" noshade align="left">
	    If you've <strong>forgotten</strong> your password, 
	    <form action="index_e.cfm?Task=Hint" method="post">
	    <table border="0" cellspacing="0" cellpadding="0" class="qtable">
	    <tr>
		    <th align="right" class="qtable"><strong>Login Name: </strong></td>
		    <td class="qtable"><input type="text" name="LoginName" value="" size="20" maxlength="20"></td>
	    </tr>
	    </table>
	    <br>
	    <input type="submit" name="submit" value="Ask for a Hint &raquo;">
	    </form>
	<cfelse>
		<hr size="1" noshade align="left">
        
		<h2>Is this your first time?</h2>		
		<p><strong>If yes, please click on:</strong></p>

        <form action="create_new_account_e.cfm" method="post">
			<p><input type="submit" name="submit" value="Setup your own account &raquo;"></p>
		</form>
	</cfif>

<!---   END: Content Area ---></div></td>
	<td width="20"><img src="../images/wrapper/options-spacer2.gif" alt="" width="20" height="33" border="0"></td>
	<td width="222">
		<cfinclude template="../includes/options_e.cfm">
<!--- START: Sidebar --->
		<!---<cfinclude template="../includes/quicklinks_e.cfm">--->
<!---   END: Sidebar ---></td>
	<td width="17"><img src="../images/spacer.gif" alt="" width="17" height="1" border="0"></td>
</tr>
</table>

<cfinclude template="../includes/footer_e.cfm">

</body>

</html>


Actually, I was looking for the few lines of code you use to see if a user is already logged in.   On each page load in a protected area, you probably see if the user is already logged in or not, if not, you would redirect them to the login page.   If they are already logged in, then you allow them to proceed.

How do you check to see if a user is logged in to allow them access to a protected area?

Author

Commented:
This is a good question... I don't think I have the code.

Here is my index page. Do you think I have it? I don't think so...
<!---Set page-level variables for determining left nav display and nav highlighting--->
<cfset sec = "">
<cfset subsec = "">
<cfset subsubsec = "">

<cfparam name="Lang" default="E">
<cfinclude template="email1.cfm">
<cfif NOT ISDEFINED("Client.Started")>
	<cflocation url="index_e.cfm" addtoken="no">
</cfif>
<cfquery name="DisplayUsers" datasource="ac" username="#application.username#" password="#application.password#">
	SELECT * FROM users INNER JOIN
    enrollees ON enrollees.enrollee_id_number = users.id_number INNER JOIN
    meminfotest ON users.id_number = meminfotest.Enrolle_id_number
	WHERE (users.user_id = #client.user_id#)
</cfquery>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Members Site |   ac</title>
<meta name="robots" content="noindex, follow">
<cfinclude template="../includes/head_e.cfm">
<script LANGUAGE="JavaScript">
timeout = null;
win = null;
helpwin=null;
helpmemwin=null;
function NumberCheck(element)
{
var i = 0.00;
var Invalue = "0";
Invalue = element.value;
// Divide the value by 1 so that u get a NaN
i = Invalue / 1;
	if(i==0)
	{
		alert("Please Enter a valid Number");
		element.value="";
		element.focus();
		return false;
	}
	else if(isNaN(i))
	{
		alert("Please Enter a valid Number");
		element.value="";
		element.focus();
		return false;

	}
	else
	{
		return true;
	}
}

function OpenNewWin()
{
	if (win == null)
	{
		win = window.open("instructions.htm", "small", "toolbar,menubar,scrollbars,resizable,width=480,height=300");
    }
	else
	{
		if (win.closed == true)
		{
			win = window.open("instructions.htm", "small", "toolbar,menubar,scrollbars,resizable,width=480,height=300");			
		}
		else 
			win.focus();
	}

}

function OpenHelp(name)
{
var helpName = 'help_e.htm#'+name;
	if (helpwin == null)
	{
		helpwin = window.open(helpName, "smallWindow", "toolbar,menubar,scrollbars,resizable,width=500,height=280");
    }
	else
	{
		if (helpwin.closed == true)
		{
			helpwin = window.open(helpName, "smallWindow", "toolbar,menubar,scrollbars,resizable,width=500,height=280");			
			helpwin.focus();
		}
		else 
			helpwin.focus();
	}

}


function OpenHelpmem(name)
{
var helpmemName = 'helpmem.htm#'+name;
	if (helpmemwin == null)
	{
		helpmemwin = window.open(helpmemName, "smallWindow", "toolbar,menubar,scrollbars,resizable,width=500,height=300");
    }
	else
	{
		if (helpmemwin.closed == true)
		{
			helpmemwin = window.open(helpmemName, "smallWindow", "toolbar,menubar,scrollbars,resizable,width=500,height=300");			
			helpmemwin.focus();
		}
		else 
			helpmemwin.focus();
	}

}

function SetTask(element,i)
{
var WhatTask="";
 	if(element.name=="Add")
	{
		WhatTask="AddEmail";
	}
	else if(element.name=="Delete")
	{
		if(confirm("Do you also want to delete this E-mail address from all of the CIA Public E-mail Lists? This is recommended in most instances. "))
		{
			WhatTask="DeleteList";
		}
		else
		{
			WhatTask="DeleteEmail";
		}
	}
	else
	{
		WhatTask="ViewEmail";
	}
document.ViewEmail.Task.value=WhatTask;
document.ViewEmail.submit();
return true;

}
function kill_window(Window)
{
	if (Window != null)
	{
		if (Window.open)
		{
			win = null;
			Window.close();
		}
	}
	
}
function OpenNewWindow()
{

	var state = document.EmailList.state.value;
	var trans_type = document.EmailList.trans_type.value;
	var whatIsSelected = document.EmailList.listname.options[document.EmailList.listname.selectedIndex].value;

	if (win == null)
	{
		win = window.open("http://test1.ac.org/servlet/MailServlet_email?state="+state+"&trans_type="+trans_type+"&listname="+whatIsSelected ,"small", "toolbar,menubar,scrollbars,resizable,width=500,height=500");
    }
	else
	{
		if (win.closed == true)
		{
			win = window.open("http://test1.ac.org/servlet/MailServlet_email?state="+state+"&trans_type="+trans_type+"&listname="+whatIsSelected,"small", "toolbar,menubar,scrollbars,resizable,width=500,height=500");			
		} else 
			win.focus();
	}

}

</script>
<style type="text/css">
<!--
.style2 {color: #FF0000}
-->
</style>
</head>
<body>
<cfinclude template="../includes/header_e.cfm">
<cfinclude template="../includes/menu_e.cfm">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="1001">
  <tr valign="top">
  
  <td width="17"><img src="../images/spacer.gif" alt="" width="17" height="1" border="0"></td>
  <td width="225" id="leftnav"><img src="../images/wrapper/options-spacer1.gif" alt="" width="225" height="21" border="0"><br>
    <img src="../images/wrapper/leftnav-top.gif" alt="" width="225" height="10" border="0"><br>
    <cfinclude template="../includes/leftnav_e.cfm">
    <img src="../images/spacer.gif" alt="" width="1" height="2" border="0"><br>
    <img src="../images/wrapper/leftnav-bottom.gif" alt="" width="225" height="95" border="0"></td>
  <td width="36"><img src="../images/wrapper/options-spacer1.gif" alt="" width="36" height="21" border="0"></td>
  <td width="464">
  
  <cfinclude template="../includes/search_e.cfm">
  <div id="breadcrumbs">
    <!--- START: Breadcrumbs --->
    <a href="../../index_e.cfm">Home Page</a> &gt; Members Site
    <!---   END: Breadcrumbs --->
  </div>
  <div id="print-content">
    <!--- START: Content Area --->
    <!---<fieldset><h1 align="center" class="style2">Members Site Issues</h1>
		<p class="style2"><strong>As you know, the Secretariat moved to its new offices on the weekend. For the most part, all services are back online. However, we are experiencing some difficulties with a few elements of the members website. We are working on these and expect that the site will be fully functional soon.</strong></p>
</fieldset>--->
<br>       <h1>Members Site</h1>
    <!--- This is the English Version --->
    <!---Open main table--->
<!---<p align="center"><img src="../images/cia_members_en.jpg" width="464" height="70"></p>

<table width="460" border="0" cellspacing="2" cellpadding="2">
  <tr>
    <td width="225" valign="top"> 
		</td>
    <td width="5">&nbsp;</td>
    <td width="225" valign="top">
    <
    <p>As a reminder, the CIA considers only Fellows to be fully-qualified ac and, as such, maintains that in Canada, only FCIAs may call themselves ac. </p>   
    </td>
  </tr>
</table>



<!---<a href="https://www.ac.ca/members/CPDCompliance2009/cpd_compliance_FL_e.cfm">
<img src="https://www.ac.ca/members/CPDCompliance2009/CPD_filing_1_e.jpg" width="280" height="100" border="0"
onMouseOver="this.src='https://www.ac.ca/members/CPDCompliance2009/CPD_filing_2_e.jpg'"
onMouseOut="this.src='https://www.ac.ca/members/CPDCompliance2009/CPD_filing_1_e.jpg'"></a>
<br>
<br>--->
<!---TO HERE---><!---<a href="../publications/2010/210013e.pdf" target="_blank"><img src="../images/stat/report_stat_2009_e.png" alt="Report " width="425" height="36" border="0"
onMouseOver="this.src='http://www.ac.ca/members/images/stat/report_stat_2009_e_h.png'"
onMouseOut="this.src='http://www.ac.ca/members/images/stat/report_stat_2009_e.png'"></a>--->

<cfif listfindnocase("FL,ASV,AS,AF,CR",DisplayUsers.new_member_type)>
<cfif not id_number eq 931023 or id_number eq 968130 or id_number eq 969584 or id_number eq 969718 or id_number eq 969870 or id_number eq 793041 or id_number eq 913052 or id_number eq 921047 or id_number eq 970399 or id_number eq 966022 or id_number eq 832022 or id_number eq 972029 or id_number eq 967804 or id_number eq 931055 or id_number eq 971979 or id_number eq 954061 or id_number eq 804012 or id_number eq 844009 or id_number eq 970292 or id_number eq 967125 or id_number eq 971854 or id_number eq 970108 or id_number eq 803041 or id_number eq 904034 or id_number eq 941033 or id_number eq 970593 or id_number eq 971066 or id_number eq 952012>

<a href="http://www.ac.ca/meetings/dues_form_e.cfm" target="_blank">
<img src="../images/stat/annual_dues_2012_e.png" alt="Table " width="425" height="36" border="0"></a>
</cfif>
</cfif><!---<br/><br/>

<a href="../publications/2011/211034e.pdf" target="_blank">
<img src="../images/stat/report_stat_2010_te.png" alt="Table " width="425" height="36" border="0"
onMouseOver="this.src='http://www.ac.ca/members/images/stat/report_stat_2010_te_h.png'"
onMouseOut="this.src='http://www.ac.ca/members/images/stat/report_stat_2010_te.png'"></a>
<br>
</p> --->      
    <table border="0" width="100%" cellpadding="0" cellspacing="0">
      <tr>        
        <!---For delete list--->
        <CFIF ParameterExists(Task)>
          <CFIF Task IS "DeleteList">
            <CFSET dot = ".">
            <CFSET ToWhat="1">
            <CFSET FromWhat="100">
            <TD>Please wait while your list subscriptions are being updated.</TD>
          </CFIF>
        </CFIF>
        <!---If client login--->
        <CFIF ParameterExists(Task)>
          <CFIF Task IS "ClientLogin" 
     OR Task IS "Create"
	 OR Task IS "UpdateInfo">
          </CFIF>
        </CFIF>
        <td valign="top" align="left">
<table border="0" cellpadding="0" cellspacing="0" align="center">
      
<CFQUERY dbtype="odbc" name="Vote" datasource="ac" username="#application.username#" password="#application.password#">
SELECT ID_NUMBER
FROM Election_2012_Voters
WHERE ID_NUMBER = '#client.ID_NUMBER#'
</CFQUERY>
<!--VOTING BUTTON FOR 2008 START OF "COMMENT OUT" HERE-->
<CFIF #client.FL# EQ "1" OR #client.ID_NUMBER# EQ "965001" OR #client.ID_NUMBER# EQ "972432">		

<!---<CFIF #client.ID_NUMBER# EQ "965001" OR #client.ID_NUMBER# EQ "965395" OR #client.ID_NUMBER# EQ "971221" OR #client.ID_NUMBER# EQ "823012" OR #client.ID_NUMBER# EQ "752015" OR #client.ID_NUMBER# EQ "834002" OR #client.ID_NUMBER# EQ "872015" OR #client.ID_NUMBER# EQ "932016" OR #client.ID_NUMBER# EQ "864017" OR #client.ID_NUMBER# EQ "881008" OR #client.ID_NUMBER# EQ "742023" OR #client.ID_NUMBER# EQ "969238" OR #client.ID_NUMBER# EQ "970924" OR #client.ID_NUMBER# EQ "969249">--->	


          <tr align="center">           
			<td align="center" valign="top" colspan="2">	
           <CFIF #Vote.RecordCount# NEQ "1">
              <div align="center"><a href="../voting/2012/index.cfm?LANG=E" target="_blank"><img src="../voting/notvoted_2012_e.jpg"border="0"></a><br>
                <b>DEADLINE:</b> May 29, 2012 at 15:00 EDT <br/><!---<br>
              <b>REVISED DEADLINE:</b><strong> June 3, 2011 at 20:00 EDT</strong><br>
              <span class="style2">*<strong>Note that, due to technical difficulties experienced during the Secretariat’s office move, voting in the 2011 Election was unavailable for several hours earlier this week.  The voting deadline has been extended accordingly.</strong></span>--->
              <CFELSE>
                <img src="../voting/voted_e.gif" alt=""border="0"><br/>
              </div>
            </CFIF>            </td>
		  </tr>  
		  <tr><td align="center" valign="top" colspan="2">&nbsp;</td></tr> <!---  --->
</CFIF>  

<!---        Make sure to check if this user has voted--->
            
      
    <CFQUERY dbtype="odbc" name="CheckProxy" datasource="ac" username="#application.username#" password="#application.password#">
        SELECT ID_NUMBER
        FROM Proxy_2011_June_List
        WHERE ID_NUMBER = '#client.ID_NUMBER#'
    </CFQUERY> 

		  <!---<tr>
		  
		  <td align="center" valign="top" colspan="2" width="100%">--->	
		  	<!---<h4 style="text-transform: uppercase; margin-bottom: 0; font-size: 16px;">List Subscriptions</h4>
			--->
		<!---	<CFIF #client.FL# EQ "1" >
 Allow for Lynn CHRis and Andrew to view button that is only viewable by fellows
		<!---<CFIF #client.ID_NUMBER# EQ "965001" OR #client.ID_NUMBER# EQ "965395" OR #client.ID_NUMBER# EQ "970463">--->
			
			   <CFIF #CheckProxy.RecordCount# NEQ "1"></CFIF>--->
<!---Boardroom meeting June 27, Allows access to only 4 memebers plus andrew--->
<!---#
				
					OR --->
               

		<!---<cftry>
		 <CFQUERY NAME="ECButton" datasource="ac" username="#application.username#" password="#application.password#">
    SELECT *
    FROM meminfotestrecorded
    WHERE  meminfotestrecorded.recorded = #client.ID_NUMBER#
    </CFQUERY>
		<!---EMPLOYMENT CODE PROJECT BUTTON--->
			<!---<CFIF 
	#client.ID_NUMBER# EQ "970463"  OR #client.ID_NUMBER# EQ "965001"></CFIF>
			<cfif #ECButton.Recorded# EQ "">
			<a href="../../meminfo/good/update_membership_e.cfm">
			<img src="../../images/Meminfo/ButtonEC_e.bmp" border="0" ></a> 
            </cfif>
			<cfcatch> </cfcatch>--->
</cftry>--->
			<!---</td><td>&nbsp;</td>
		  <tr><td align="center" width="225" colspan="3">--->
	<!---<p>
	<a href="../toolkit/update_list_subscriptions_e.cfm"><img src="../old_proxy_voting/2006/June/btn_listserver.gif" alt="Amendments Listserver Click to join or leave" width="187" height="101" border="0"></a>
	</p>	---><!---<br>
    
			
    </td></tr>--->
         
  
			    <!--- START OF "COMMENT OUT" HERE --->		
<!---<CFIF #client.FL# EQ "1" OR #client.ID_NUMBER# EQ "965001" OR #client.ID_NUMBER# EQ "971822">--->
 <!---Allow for Lynn and Tolsen to view button that is only viewable by fellows--->

                   
   			<!---<tr>
                <td colspan="2" style="text-align:center;">
	                <h4 style="text-transform: uppercase; margin-bottom: 0; font-size: 16px; padding-right:5px;"><b>DEADLINE:</b> </h4>
	                June 27, 2011 at 15:00 EDT
                </td>
            </tr>         --->          
                   
                   
			<!---<td align="center" valign="top" colspan="2" width="225">	
         <CFIF #CheckProxy.RecordCount# NEQ "1" >
			
			
              <a href="../proxy_voting/2011/June/index.cfm?Lang=E" target="_blank"><img src="..\proxy_voting\2011\June\btn-bylaw_changes.gif" border="0" alt="Bylaw Amendments Click to Vote on changes"></a><br>
              
              <CFELSE> 
              <img src="..\proxy_voting\2011\June\btn-bylaw_changes-thank-you.gif" alt=""border="0">
           </CFIF>
            </td>--->
			<!---<td>
              <a href="../toolkit/update_list_subscriptions_e.cfm"><img src="..\proxy_voting\2011\June\btn_listserver.gif" alt=""border="0"></a>
            </td>
            </tr>--->
		   
		<!---  <tr><td align="center" valign="top" colspan="2">&nbsp;</td>
		 
		  
		  </tr>        
</CFIF>--->
    

		  <!---<tr>
          <td colspan="3" style="text-align:center;"><a href="http://www.ac.ca/members/organization/discussion_forum/candidate_e.cfm" target="_blank"><img src="../../images/Buttons/elec_discussion_forum_e.jpg" width="187" height="85" border="0"></a></td>
          </tr><tr>
          <td align="left" valign="middle"><a href="http://www.edls.com/cia/" target="_blank"><img src="/images/HMMlogo_w.jpg" width="187" height="55" border="0"></a>
		  </td>
          <td align="left" valign="middle">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
		  </td>		  
		 <td align="right" valign="middle"><a href="http://www.pro-act.ca" target="_blank"><img src="/images/ProAct_EN.jpg" width="187" height="85" border="0"></a></td>
          </tr>
          <tr>
          	<td colspan="3" style="text-align:center;">&nbsp;</td>
          </tr>--->
<!---          <tr> 
          	<td colspan="3" style="text-align:center;">
            	<a href="federal_election_2011_e.cfm" target="_self"><img src="../images/Election_button_e.jpg" width="159" height="160" border="0"/></a>
            </td>          
          </tr>--->
        </table>
        <p align="center"><img src="../images/cia_members_en.jpg" width="464" height="70"></p>

<table width="460" border="0" cellspacing="2" cellpadding="2">
  <tr>
    <td width="225" valign="top"> 
		</td>
    <td width="5">&nbsp;</td>
    <td width="225" valign="top">
  
    </td>
  </tr>
</table>

<!---TO HERE---><!---<a href="../publications/2010/210013e.pdf" target="_blank"><img src="../images/stat/report_stat_2009_e.png" alt="Report " width="425" height="36" border="0"
onMouseOver="this.src='http://www.ac.ca/members/images/stat/report_stat_2009_e_h.png'"
onMouseOut="this.src='http://www.ac.ca/members/images/stat/report_stat_2009_e.png'"></a>---><br>

<!---<p align="center"><a href="http://www.ac.ca/ASOC/about_e.cfm" target="_blank"><img src="../images/ASOC_Dark.jpg" alt="Table " width="300" height="80" border="0"
onMouseOver="this.src='http://www.ac.ca/members/images/ASOC_Light.jpg'"
onMouseOut="this.src='http://www.ac.ca/members/images/ASOC_Dark.jpg'"></a><br><br>--->

        <p align="center"><a href="http://www.ac.ca/members/organization/PC/IP/PC_IP_Docs_e.cfm?CODE=IP"><img src="http://www.ac.ca/members/images/stat/report_stat_2011_te_h.png" alt="" border="0"
         onMouseOver="this.src='http://www.ac.ca/members/images/stat/report_stat_2011_te_h_mouseover.png'"
        onMouseOut="this.src='http://www.ac.ca/members/images/stat/report_stat_2011_te_h.png'"></a></p>


<br>

<!---<a href="../publications/2011/211034e.pdf" target="_blank"><img src="../images/stat/report_stat_2010_te.png" alt="Table " width="425" height="36" border="0"
onMouseOver="this.src='http://www.ac.ca/members/images/stat/report_stat_2010_te_h.png'"
onMouseOut="this.src='http://www.ac.ca/members/images/stat/report_stat_2010_te.png'"></a><br>--->
</p>       
        <!--- END OF "COMMENT OUT" HERE --->
<!--- NEWS SERVICE INCLUDE --->
<table border="0" cellpadding="0" cellspacing="0">
<tr>
          <td align="left" valign="middle"><a href="http://www.pro-act.ca" target="_blank"><img src="/images/ProAct_EN.jpg" width="187" height="85" border="0"></a></td>
          <td align="left" valign="middle">&nbsp;</td>		  
		 <td align="right" valign="middle">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
          </tr>
          <tr>
          	<td colspan="3" style="text-align:center;"></td>
          </tr>
		<tr>
          	<td colspan="3" style="text-align:center;">&nbsp;</td>
          </tr>  
          </table>
<h2>CIA News Service</h2>
<cfinclude template="../includes/news.cfm">
<iframe src="http://meltwaternews.com/magenta/xml/html/47/54/v2_357983.html"
width="437"
height="327"
scrolling="auto"
frameborder="0"
allowtransparency="true" style="overflow-x: hidden;">
<a href="http://meltwaternews.com/magenta/xml/html/47/54/v2_357983.html">Press Clipping Service</a></iframe>




<!--- NEWS SERVICE INCLUDE --->
                <p>&nbsp;</p>
		 
	     <h2>Member Account</h2>
        <p>
        <table border="0" cellpadding="5" cellspacing="0" class="qtable" width="450">
          <tr>
            <th align="left" valign="top" class="qtable" colspan="3"><strong>Account Information</strong></th>
            <th align="right" valign="top" class="qtable"><a href="javascript:OpenHelp('Information')" class="white"><strong>Help</strong></a></th>
          </tr>
          <CFOUTPUT QUERY="DisplayUser">
            <tr>
              <td align="left" valign="top" class="qtable" bgcolor="##EEEEEE"><strong>Name:</strong></td>
              <td align="left" valign="top" class="qtable"<CFIF #client.isEnrollee# NEQ "Y"> colspan="3"</cfif>>#firstname# #lastname#</td>
              <CFIF #client.isEnrollee# EQ "Y">
                <td align="left" valign="top" class="qtable" bgcolor="##EEEEEE"><strong>CIA Member:</strong></td>
                <td align="left" valign="top" class="qtable">#cia_enrollee#</td>
              </cfif>
            </tr>
            <tr>
              <td align="left" valign="top" class="qtable" width="100" bgcolor="##EEEEEE"><strong>Login Name:</strong></td>
              <td align="left" valign="top" class="qtable" width="100">#login#</td>
              <td align="left" valign="top" class="qtable" width="100" bgcolor="##EEEEEE"><strong>Created:</strong></td>
              <td align="left" valign="top" class="qtable" width="150">#DateFormat(user_create, 'mmmm d, yyyy')#</td>
            </tr>
          </CFOUTPUT>
        </table>
        </p>
        <p align="center"> <a href="../toolkit/update_account_info_e.cfm"><strong>Change your Account Information, Password or Hint</strong></a>      </td>     
      </tr>
    </table>
    <!---   END: Content Area --->
  </div>  </td>
  
  <td width="20"><img src="../images/wrapper/options-spacer2.gif" alt="" width="20" height="33" border="0"></td>
    <td width="222"><cfinclude template="../includes/options_e.cfm">
      <!--- START: Sidebar --->
      <cfinclude template="../includes/quicklinks_e.cfm">
 
      <!---   END: Sidebar ---></td>
    <td width="17"><img src="../images/spacer.gif" alt="" width="17" height="1" border="0"></td>
  </tr>
</table>
<cfinclude template="../includes/footer_e.cfm">
</body>
</html>


Yeah, I don't think you do either.   So that may mean that someone can just go to a protected page without logging in?

In any case, IMO, I think you need to rework how you are doing logins.

It's not too involved.

In your onSessionStart function, create a session variable set to empty..

<cfset session.login.user_id = "">

(you don't need the .login and can do session.user_id if you want)


When the user logs in, validate the username and password and give session.login.user_id the value of the current user's ID


When the user logs out, set this value to empty again (don't delete the variable!)

You can test it with a simple line..

<cfif isDefined("session.login.user_id") and val(session.login.user_id)>
    welcome back!
<cfelse>
    <cfinclude template="login.cfm">
</cfif>
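
The steps in the answer above, put together as one Application.cfc. This is an added example, not code from the thread or from the site: the posted template reads the member's identity from `client.ID_NUMBER`, and this version keeps it in the session scope as the answer suggests. The `members` table and its columns, the form field names, `login.cfm`, `logout.cfm`, the timeout and the PBKDF2 parameters are assumptions; only the datasource name `ac` comes from the posted template.

```cfml
<!--- Application.cfc: added example, not the site's code.
      Hypothetical: "members" table and columns, form field names, login.cfm,
      logout.cfm, session timeout, PBKDF2 parameters. --->
<cfcomponent output="false">
  <cfset this.name = "members_site">
  <cfset this.sessionManagement = true>
  <cfset this.sessionTimeout = createTimeSpan(0, 0, 30, 0)>

  <cffunction name="onSessionStart" returntype="void" output="false">
    <!--- Every new session starts logged out. --->
    <cfset session.login.user_id = "">
  </cffunction>

  <cffunction name="onRequestStart" returntype="boolean" output="false">
    <cfargument name="targetPage" type="string" required="true">
    <cfset var page = listLast(arguments.targetPage, "/")>
    <cfset var q = "">
    <cfset var derived = "">

    <!--- Logout: empty the value, keep the variable. The gate below then redirects. --->
    <cfif page eq "logout.cfm">
      <cfset session.login.user_id = "">
    </cfif>

    <!--- Login attempt posted from login.cfm. --->
    <cfif structKeyExists(form, "login") and structKeyExists(form, "password")>
      <!--- Whoever was logged in before is dropped, even if this attempt fails. --->
      <cfset session.login.user_id = "">
      <cfquery name="q" datasource="ac">
        SELECT id_number, salt, password_key
        FROM members
        WHERE login = <cfqueryparam value="#form.login#" cfsqltype="cf_sql_varchar">
      </cfquery>
      <cfif q.recordCount eq 1>
        <!--- generatePBKDFKey needs ColdFusion 11 or later. --->
        <cfset derived = generatePBKDFKey("PBKDF2WithHmacSHA256", form.password, q.salt, 100000, 256)>
        <cfif compare(derived, q.password_key) eq 0>
          <cfset sessionRotate()><!--- new session id after login (ColdFusion 10+) --->
          <cfset session.login.user_id = q.id_number>
        </cfif>
      </cfif>
    </cfif>

    <!--- Gate: every page except login.cfm requires a logged-in session. --->
    <cfif not val(session.login.user_id) and page neq "login.cfm">
      <cflocation url="login.cfm" addtoken="false">
    </cfif>
    <cfreturn true>
  </cffunction>
</cfcomponent>
```

Because the gate runs in `onRequestStart`, a protected page cannot be reached by typing its URL, and `addtoken="false"` keeps CFID/CFTOKEN out of the redirect URL.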
