Solved

Cookies deleting or not, login troubles and issues

Posted on 2014-03-12
Last Modified: 2014-03-18
Hi Experts,

We do write a cookie on a client computer using ColdFusion, and we now have a lot of complaints due to customers not being able to log in, and worse, can't add things to their basket.

Here is a copy of the cookies in Application.cfc:
<cfset This.clientManagement = "yes">
	<cfset This.clientStorage = "Cookie">
	<cfset This.setClientCookies = "yes">
	<cfset This.setDomainCookies = "no">
	<cfset This.loginStorage = "session">
	<cfset This.scriptProtect = "all">
	<cfsetting requesttimeout="300" enablecfoutputonly="yes" showdebugoutput="yes">
	
	<cfparam name="Application.updating" default="false">
	<cfparam name="Application.updatingStartTime" default="#now()#">

Then we check if the customer is remembered by the cookie:

<!--- check if user is remembered (by cookie) --->
            <cfif Session.loggedIn EQ "no" AND IsDefined("cookie.User_email") AND IsDefined("cookie.User_password")>
                <!--- Get user's info from the db; cookie values are client-controlled, so bind them as parameters --->
                <cfquery name="qVerify" datasource="joecool_web">
                    select *
                    from webAccounts
                    where email = <cfqueryparam value="#Cookie.User_email#" cfsqltype="cf_sql_varchar">
                    and password = <cfqueryparam value="#Cookie.User_password#" cfsqltype="cf_sql_varchar">
                </cfquery>

What is going wrong? Setting setDomainCookies to yes did not work; changed to no, it worked, then it doesn't work on another computer...

Many thanks for your comments/help
Adam
Question by:adam1h
Author Comment

by:adam1h
ID: 39922741
In the login process page, here is the code we use:

</cfif>
	
	<!--- set the RememberMe cookie ----->
    <cfif isNewsletter EQ "no">
        <cftry>
            <cfif Form.rememberMe EQ "True">
                <cfoutput>
                    <cfcookie name="User_email" value="#Session.email#" expires="NEVER" >
                    <cfcookie name="User_password" value="#Session.password#" expires="NEVER" >
                </cfoutput>
            <cfelse>
                <cfoutput>
                    <cfcookie name="User_email" value="#Session.email#" expires="NOW" >
                    <cfcookie name="User_password" value="#Session.password#" expires="NOW" >
                </cfoutput>
            </cfif>
        <cfcatch type="any">
            <!---<script>
                 alert("A error is occuring ; your're not remembered !");
            </script>--->
        </cfcatch>
        </cftry>
    </cfif>

LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 39924688
I don't know CF but storing usernames and passwords in a cookie is a big NO NO.
You can store a unique key in the cookie, save this key in the database against the user, and then query this key to autologin someone.
Additionally, passwords should be encrypted in the database.

http://www.bennadel.com/blog/1213-Creating-A-Remember-Me-Login-System-In-ColdFusion.htm
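
One way to implement the unique-key approach from the accepted answer, written here as an added example; it is not code from this thread or from the linked blog post. The table webAccountTokens, its columns, the cookie name RememberToken, the 30-day lifetime and HTTPS delivery are assumptions; the datasource and Session variables are the ones shown in the question.

```cfml
<!--- Added example. Assumptions: table webAccountTokens (email, tokenHash, expiresAt),
      cookie name RememberToken, 30-day lifetime, site served over HTTPS. --->

<!--- 1. Login page: password already verified and "remember me" ticked --->
<cfif structKeyExists(Form, "rememberMe") AND Form.rememberMe EQ "True">
    <!--- 128 random bits from generateSecretKey, re-encoded as hex so the value is cookie-safe --->
    <cfset rawToken = binaryEncode(binaryDecode(generateSecretKey("AES"), "base64"), "hex")>
    <cfquery datasource="joecool_web">
        insert into webAccountTokens (email, tokenHash, expiresAt)
        values (
            <cfqueryparam value="#Session.email#" cfsqltype="cf_sql_varchar">,
            <cfqueryparam value="#hash(rawToken, 'SHA-256')#" cfsqltype="cf_sql_varchar">,
            <cfqueryparam value="#dateAdd('d', 30, now())#" cfsqltype="cf_sql_timestamp">
        )
    </cfquery>
    <!--- Only the random token leaves the server; the database keeps its hash, never the password --->
    <cfcookie name="RememberToken" value="#rawToken#" expires="30" httponly="true" secure="true">
</cfif>

<!--- 2. Any later request: auto-login from the token instead of email + password cookies --->
<cfif Session.loggedIn EQ "no" AND structKeyExists(Cookie, "RememberToken")>
    <cfset presentedHash = hash(Cookie.RememberToken, "SHA-256")>
    <cfquery name="qToken" datasource="joecool_web">
        select email
        from webAccountTokens
        where tokenHash = <cfqueryparam value="#presentedHash#" cfsqltype="cf_sql_varchar">
        and expiresAt > <cfqueryparam value="#now()#" cfsqltype="cf_sql_timestamp">
    </cfquery>
    <cfif qToken.recordCount EQ 1>
        <cfset Session.email = qToken.email>
        <cfset Session.loggedIn = "yes">
    <cfelse>
        <!--- Unknown or expired token: clear the cookie so it is not presented again --->
        <cfcookie name="RememberToken" value="" expires="now">
    </cfif>
</cfif>

<!--- 3. Logout page: revoke every remembered device for this account --->
<cfquery datasource="joecool_web">
    delete from webAccountTokens
    where email = <cfqueryparam value="#Session.email#" cfsqltype="cf_sql_varchar">
</cfquery>
<cfcookie name="RememberToken" value="" expires="now">
```

A stolen cookie under this scheme exposes a revocable token rather than the account password, and deleting the row ends the remembered login without a password change.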
LVL 25

Expert Comment

by:dgrafx
ID: 39924692
line 4: <cfif isNewsletter EQ "no">

Is this value always "no"?
It appears that is the only time the cookies are set.
LVL 26

Expert Comment

by:EddieShipman
ID: 39924711
Have you double checked the cookie lifetime?
Question has a verified solution.