Solved

Cookies deleting or not, login troubles and issues

Posted on 2014-03-12
4
180 Views
Last Modified: 2014-03-18
Hi Experts,

We do write a cookie on a client computer using coldfusion, and we now have a lot of complains due to customers not beeing able to login, and worse, can't add things to their basket.

Here is a copy of the cookies in application.cfc :
<cfset This.clientManagement = "yes">
	<cfset This.clientStorage = "Cookie">
	<cfset This.setClientCookies = "yes">
	<cfset This.setDomainCookies = "no">
	<cfset This.loginStorage = "session">
	<cfset This.scriptProtect = "all">
	<cfsetting requesttimeout="300" enablecfoutputonly="yes" showdebugoutput="yes">
	
	<cfparam name="Application.updating" default="false">
	<cfparam name="Application.updatingStartTime" default="#now()#">

Open in new window


Then we check if the customer is remembered by the cookie :

<!--- check if user is remembered (by cookie) --->
            <cfif Session.loggedIn EQ "no" AND IsDefined("cookie.User_email") AND IsDefined("cookie.User_password")>
                <!---- Get User's info based on db ------>
                <cfquery name="qVerify" datasource="joecool_web">
                    select *
                    from webAccounts
                    where email = '<cfoutput>#Cookie.User_email#</cfoutput>'
                    and password = '<cfoutput>#Cookie.User_password#</cfoutput>'
                </cfquery>

Open in new window


What is going wrong ? setDomainCookies to yes did not worked, changed to no, it worked, then it doesn't work on an other computer...

Many thanks for your comments/help
Adam
0
Comment
Question by:adam1h
4 Comments
 

Author Comment

by:adam1h
ID: 39922741
In the login process page, here is the code we use :

</cfif>
	
	<!--- set the RememberMe cookie ----->
    <cfif isNewsletter EQ "no">
        <cftry>
            <cfif Form.rememberMe EQ "True">
                <cfoutput>
                    <cfcookie name="User_email" value="#Session.email#" expires="NEVER" >
                    <cfcookie name="User_password" value="#Session.password#" expires="NEVER" >
                </cfoutput>
            <cfelse>
                <cfoutput>
                    <cfcookie name="User_email" value="#Session.email#" expires="NOW" >
                    <cfcookie name="User_password" value="#Session.password#" expires="NOW" >
                </cfoutput>
            </cfif>
        <cfcatch type="any">
            <!---<script>
                 alert("A error is occuring ; your're not remembered !");
            </script>--->
        </cfcatch>
        </cftry>
    </cfif>

Open in new window

0
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 39924688
I don't know CF but storing usernames and passwords in a cookie is a big NO NO
You can store a unique key in the cookie, save this key in the database against the user, and then query this key to autologin someone.
Additionally passwords should be encrypted in the database.

http://www.bennadel.com/blog/1213-Creating-A-Remember-Me-Login-System-In-ColdFusion.htm
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 39924692
line 4: <cfif isNewsletter EQ "no">

is this value always "no"?
it appears that is the only time the cookies are set.
0
 
LVL 26

Expert Comment

by:EddieShipman
ID: 39924711
Have you double checked the cookie lifetime?
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Website URL redirection 10 69
Coldfusion- Create and save form elements in Database 7 76
Problem to Popup 2 84
Appending query Data into array of Structure for a structure 3 42
What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL (http://www.experts-exchange.com/articles/201/Handling-Date-and-Time-in-PHP-and-MySQL.html) several years ago, it seemed like now was a good time to updat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question