Solved

Cookies deleting or not, login troubles and issues

Posted on 2014-03-12
4
183 Views
Last Modified: 2014-03-18
Hi Experts,

We do write a cookie on a client computer using coldfusion, and we now have a lot of complains due to customers not beeing able to login, and worse, can't add things to their basket.

Here is a copy of the cookies in application.cfc :
<cfset This.clientManagement = "yes">
	<cfset This.clientStorage = "Cookie">
	<cfset This.setClientCookies = "yes">
	<cfset This.setDomainCookies = "no">
	<cfset This.loginStorage = "session">
	<cfset This.scriptProtect = "all">
	<cfsetting requesttimeout="300" enablecfoutputonly="yes" showdebugoutput="yes">
	
	<cfparam name="Application.updating" default="false">
	<cfparam name="Application.updatingStartTime" default="#now()#">

Open in new window


Then we check if the customer is remembered by the cookie :

<!--- check if user is remembered (by cookie) --->
            <cfif Session.loggedIn EQ "no" AND IsDefined("cookie.User_email") AND IsDefined("cookie.User_password")>
                <!---- Get User's info based on db ------>
                <cfquery name="qVerify" datasource="joecool_web">
                    select *
                    from webAccounts
                    where email = '<cfoutput>#Cookie.User_email#</cfoutput>'
                    and password = '<cfoutput>#Cookie.User_password#</cfoutput>'
                </cfquery>

Open in new window


What is going wrong ? setDomainCookies to yes did not worked, changed to no, it worked, then it doesn't work on an other computer...

Many thanks for your comments/help
Adam
0
Comment
Question by:adam1h
4 Comments
 

Author Comment

by:adam1h
ID: 39922741
In the login process page, here is the code we use :

</cfif>
	
	<!--- set the RememberMe cookie ----->
    <cfif isNewsletter EQ "no">
        <cftry>
            <cfif Form.rememberMe EQ "True">
                <cfoutput>
                    <cfcookie name="User_email" value="#Session.email#" expires="NEVER" >
                    <cfcookie name="User_password" value="#Session.password#" expires="NEVER" >
                </cfoutput>
            <cfelse>
                <cfoutput>
                    <cfcookie name="User_email" value="#Session.email#" expires="NOW" >
                    <cfcookie name="User_password" value="#Session.password#" expires="NOW" >
                </cfoutput>
            </cfif>
        <cfcatch type="any">
            <!---<script>
                 alert("A error is occuring ; your're not remembered !");
            </script>--->
        </cfcatch>
        </cftry>
    </cfif>

Open in new window

0
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 39924688
I don't know CF but storing usernames and passwords in a cookie is a big NO NO
You can store a unique key in the cookie, save this key in the database against the user, and then query this key to autologin someone.
Additionally passwords should be encrypted in the database.

http://www.bennadel.com/blog/1213-Creating-A-Remember-Me-Login-System-In-ColdFusion.htm
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 39924692
line 4: <cfif isNewsletter EQ "no">

is this value always "no"?
it appears that is the only time the cookies are set.
0
 
LVL 26

Expert Comment

by:EddieShipman
ID: 39924711
Have you double checked the cookie lifetime?
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Browsers only know CSS so your awesome SASS code needs to be translated into normal CSS. Here I'll try to explain what you should aim for in order to take full advantage of SASS.
JavaScript has plenty of pieces of code people often just copy/paste from somewhere but never quite fully understand. Self-Executing functions are just one good example that I'll try to demystify here.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question