Solved

Cookies deleting or not, login troubles and issues

Posted on 2014-03-12
4
184 Views
Last Modified: 2014-03-18
Hi Experts,

We do write a cookie on a client computer using coldfusion, and we now have a lot of complains due to customers not beeing able to login, and worse, can't add things to their basket.

Here is a copy of the cookies in application.cfc :
<cfset This.clientManagement = "yes">
	<cfset This.clientStorage = "Cookie">
	<cfset This.setClientCookies = "yes">
	<cfset This.setDomainCookies = "no">
	<cfset This.loginStorage = "session">
	<cfset This.scriptProtect = "all">
	<cfsetting requesttimeout="300" enablecfoutputonly="yes" showdebugoutput="yes">
	
	<cfparam name="Application.updating" default="false">
	<cfparam name="Application.updatingStartTime" default="#now()#">

Open in new window


Then we check if the customer is remembered by the cookie :

<!--- check if user is remembered (by cookie) --->
            <cfif Session.loggedIn EQ "no" AND IsDefined("cookie.User_email") AND IsDefined("cookie.User_password")>
                <!---- Get User's info based on db ------>
                <cfquery name="qVerify" datasource="joecool_web">
                    select *
                    from webAccounts
                    where email = '<cfoutput>#Cookie.User_email#</cfoutput>'
                    and password = '<cfoutput>#Cookie.User_password#</cfoutput>'
                </cfquery>

Open in new window


What is going wrong ? setDomainCookies to yes did not worked, changed to no, it worked, then it doesn't work on an other computer...

Many thanks for your comments/help
Adam
0
Comment
Question by:adam1h
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 

Author Comment

by:adam1h
ID: 39922741
In the login process page, here is the code we use :

</cfif>
	
	<!--- set the RememberMe cookie ----->
    <cfif isNewsletter EQ "no">
        <cftry>
            <cfif Form.rememberMe EQ "True">
                <cfoutput>
                    <cfcookie name="User_email" value="#Session.email#" expires="NEVER" >
                    <cfcookie name="User_password" value="#Session.password#" expires="NEVER" >
                </cfoutput>
            <cfelse>
                <cfoutput>
                    <cfcookie name="User_email" value="#Session.email#" expires="NOW" >
                    <cfcookie name="User_password" value="#Session.password#" expires="NOW" >
                </cfoutput>
            </cfif>
        <cfcatch type="any">
            <!---<script>
                 alert("A error is occuring ; your're not remembered !");
            </script>--->
        </cfcatch>
        </cftry>
    </cfif>

Open in new window

0
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 39924688
I don't know CF but storing usernames and passwords in a cookie is a big NO NO
You can store a unique key in the cookie, save this key in the database against the user, and then query this key to autologin someone.
Additionally passwords should be encrypted in the database.

http://www.bennadel.com/blog/1213-Creating-A-Remember-Me-Login-System-In-ColdFusion.htm
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 39924692
line 4: <cfif isNewsletter EQ "no">

is this value always "no"?
it appears that is the only time the cookies are set.
0
 
LVL 26

Expert Comment

by:EddieShipman
ID: 39924711
Have you double checked the cookie lifetime?
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System (http://www.experts-exchange.com/A_2902.html) introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
Shoutout to Emily Plummer (http://www.experts-exchange.com/members/eplummer26.html) for giving me this article! She did most of it, I just finished it up and posted it for her :)    Introduction In a previous article (http://www.experts-exchang…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question