Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cookies deleting or not, login troubles and issues

Posted on 2014-03-12
4
Medium Priority
?
199 Views
Last Modified: 2014-03-18
Hi Experts,

We do write a cookie on a client computer using coldfusion, and we now have a lot of complains due to customers not beeing able to login, and worse, can't add things to their basket.

Here is a copy of the cookies in application.cfc :
<cfset This.clientManagement = "yes">
	<cfset This.clientStorage = "Cookie">
	<cfset This.setClientCookies = "yes">
	<cfset This.setDomainCookies = "no">
	<cfset This.loginStorage = "session">
	<cfset This.scriptProtect = "all">
	<cfsetting requesttimeout="300" enablecfoutputonly="yes" showdebugoutput="yes">
	
	<cfparam name="Application.updating" default="false">
	<cfparam name="Application.updatingStartTime" default="#now()#">

Open in new window


Then we check if the customer is remembered by the cookie :

<!--- check if user is remembered (by cookie) --->
            <cfif Session.loggedIn EQ "no" AND IsDefined("cookie.User_email") AND IsDefined("cookie.User_password")>
                <!---- Get User's info based on db ------>
                <cfquery name="qVerify" datasource="joecool_web">
                    select *
                    from webAccounts
                    where email = '<cfoutput>#Cookie.User_email#</cfoutput>'
                    and password = '<cfoutput>#Cookie.User_password#</cfoutput>'
                </cfquery>

Open in new window


What is going wrong ? setDomainCookies to yes did not worked, changed to no, it worked, then it doesn't work on an other computer...

Many thanks for your comments/help
Adam
0
Comment
Question by:adam1h
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 

Author Comment

by:adam1h
ID: 39922741
In the login process page, here is the code we use :

</cfif>
	
	<!--- set the RememberMe cookie ----->
    <cfif isNewsletter EQ "no">
        <cftry>
            <cfif Form.rememberMe EQ "True">
                <cfoutput>
                    <cfcookie name="User_email" value="#Session.email#" expires="NEVER" >
                    <cfcookie name="User_password" value="#Session.password#" expires="NEVER" >
                </cfoutput>
            <cfelse>
                <cfoutput>
                    <cfcookie name="User_email" value="#Session.email#" expires="NOW" >
                    <cfcookie name="User_password" value="#Session.password#" expires="NOW" >
                </cfoutput>
            </cfif>
        <cfcatch type="any">
            <!---<script>
                 alert("A error is occuring ; your're not remembered !");
            </script>--->
        </cfcatch>
        </cftry>
    </cfif>

Open in new window

0
 
LVL 58

Accepted Solution

by:
Gary earned 1500 total points
ID: 39924688
I don't know CF but storing usernames and passwords in a cookie is a big NO NO
You can store a unique key in the cookie, save this key in the database against the user, and then query this key to autologin someone.
Additionally passwords should be encrypted in the database.

http://www.bennadel.com/blog/1213-Creating-A-Remember-Me-Login-System-In-ColdFusion.htm
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 39924692
line 4: <cfif isNewsletter EQ "no">

is this value always "no"?
it appears that is the only time the cookies are set.
0
 
LVL 26

Expert Comment

by:EddieShipman
ID: 39924711
Have you double checked the cookie lifetime?
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
Browsers only know CSS so your awesome SASS code needs to be translated into normal CSS. Here I'll try to explain what you should aim for in order to take full advantage of SASS.
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question