Discussion:
Application log In
PopcornCoder
2009-03-30 13:09:44 UTC
Why does the attached code not cause people to redirect to the login.cfm page
if there is no accessAllowed session variable? If they log in and are
successful, it sets the variable accessAllowed = true, which means the user is
authenticated. However, it stopped working, and the only thing I can see that's
changed is this code.

<cffunction name="onRequestStart">
    <!--- check to see if logged in --->
    <cfif not structKeyExists(session,'accessAllowed') or session.accessAllowed eq false>
        <!--- if not logged in and not on login page, redirect to login --->
        <cfif listLast(cgi.script_name,'/') neq 'login.cfm'>
            <cflocation url="login.cfm">
        </cfif>
    </cfif>
Azadi
2009-03-30 13:31:52 UTC
try this:

<cfif (NOT structKeyExists(session,'accessAllowed')) OR
session.accessAllowed IS false>

you may also need a <cfabort> after your <cflocation> tag to prevent
processing of originally requested page...

also, onRequestStart() method should accept one argument - targetpage.

try this for a full code:

<cffunction name="onRequestStart" access="public" returntype="boolean" output="true">
    <cfargument name="TargetPage" type="string" required="yes" />
    <!--- check to see if logged in --->
    <cfif (NOT structKeyExists(session,'accessAllowed')) OR session.accessAllowed IS false>
        <!--- if not logged in and not on login page, redirect to login --->
        <cfif listLast(cgi.script_name,'/') neq 'login.cfm'>
            <cflocation url="login.cfm">
            <cfabort>
            <!--- you can also use <cfset getPageContext().forward('login.cfm')>
            instead of above 2 lines --->
        </cfif>
    </cfif>
    <cfreturn true>
</cffunction>



Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
tinu88
2009-03-30 13:27:15 UTC
This is obviously in the application.cfc?

well, instead of using <cflocation> you could simply set request.page to the login.cfm ...

Let me know if it works

Martin
PopcornCoder
2009-03-30 13:41:45 UTC
I have this to process a log out how else could I do it?

<cfif structKeyExists(url,'clear')><cfset onApplicationStart()></cfif>
<cfif structKeyExists(url,'clear')><cfset structClear(session)></cfif>
</cffunction>
Azadi
2009-03-30 14:43:18 UTC
you mean you are restarting your whole application (well,
re-initializing really) every time a user logs out???

but, really, if it is just a user logging out, why would you want to
call onApplicationStart()???

how else to do it would depend, to start with, on how you log your users
in...


Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
PopcornCoder
2009-03-30 15:12:41 UTC
Azadi your log in code worked once then it didn't
Azadi
2009-03-30 15:28:46 UTC
that would be because session.allowAccess exists and is true.

where exactly do you have this line:
<cfif structKeyExists(url,'clear')><cfset structClear(session)></cfif>
?

instead of posting snippets from different parts of your onRequestStart
method, why don't you post all of it? the order you have various <cfif>
clauses inside of it may be very important...

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
PopcornCoder
2009-03-30 18:19:57 UTC
<cffunction name="onRequestStart" access="public" returntype="boolean" output="true">
    <cfargument name="TargetPage" type="string" required="yes" />
    <!--- check to see if logged in --->
    <cfif (NOT structKeyExists(session,'accessAllowed')) OR session.accessAllowed IS false>
        <!--- if not logged in and not on login page, redirect to login --->
        <cfif listLast(cgi.script_name,'/') neq 'login.cfm'>
            <cflocation url="login.cfm">
            <!--- <cfabort>
            you can also use <cfset getPageContext().forward('login.cfm')>
            instead of above 2 lines --->
        </cfif>
    </cfif>
    <cfreturn true>

    <cfif structKeyExists(url,'clear')><cfset onApplicationStart()></cfif>
    <cfif structKeyExists(url,'clear')><cfset structClear(session)></cfif>
</cffunction>
Azadi
2009-03-31 03:10:14 UTC
try this code:

<cffunction name="onRequestStart" access="public" returntype="boolean" output="true">
    <cfargument name="TargetPage" type="string" required="yes" />
    <cfset var qsStruct = oRequest.getParameterMap()>
    <cfif structKeyExists(qsStruct,'clear')>
        <cfset structClear(session)>
        <cfset onApplicationStart()>
    </cfif>
    <!--- check to see if logged in --->
    <cfif (NOT structKeyExists(session,'accessAllowed')) OR session.accessAllowed IS false>
        <!--- if not logged in and not on login page, redirect to login --->
        <cfif listLast(cgi.script_name,'/') neq 'login.cfm'>
            <cflocation url="login.cfm" addtoken="no">
            <cfabort>
        </cfif>
    </cfif>
    <cfreturn true>
</cffunction>


Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
PopcornCoder
2009-03-31 13:52:11 UTC
ok that works only if I log in then put ?clear=1 at the end of the url so how can we set it up to start out working?
Azadi
2009-03-31 14:17:07 UTC
Post by PopcornCoder
so how can we set it up to start out working
?? what do you mean? lost...

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
PopcornCoder
2009-03-31 14:37:08 UTC
Meaning if you try and access the directory for the first time it doesn't work
but if you log in then log out by hitting clear it forces you to go to the
login screen which is what we want. So my question is what do I need to modify
in the code so that we can have it start working on that first access?
Azadi
2009-03-31 14:48:53 UTC
still not clear, sorry...

what do you mean by 'if you try and access the directory for the first
time it doesn't work'?

what does not work? how do you expect it to work? how is the way it
works different from what you expect?

what do you expect to happen when one accesses your directory for the
first time? what actually happens?

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
PopcornCoder
2009-03-31 15:04:09 UTC
ok, if you try to access any page inside the "Application" then you can get to
it and are not redirected to the login page. However, if you log in, log out by
using clear=1 in the url, and then try to go back in and access another page
without logging in, the logic then forces you to go to the login page before
trying to access any other page.
Azadi
2009-03-31 15:15:58 UTC
ok, that's better.

now, where do you set the session.accessAllowed variable? post the code
that sets it.

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
PopcornCoder
2009-03-31 15:41:26 UTC
<cfoutput query="Getlisting">

<CFIF Getlisting.recordcount EQ 1>
<cfset Session.accessAllowed = true>
<cfset Session.name = '#user_fname#'>
<cfset Session.role = '#user_role#'>
<CFLOCATION URL="index.cfm">
<CFELSE>
<cfset Session.accessAllowed = false>
<CFLOCATION URL="login.cfm?login=failed">
</CFIF>
</cfoutput>
<cfelse>
<cfoutput>
Azadi
2009-03-31 15:55:03 UTC
that should work ok...

just to rule out other possible issues, do this:

in your onSessionStart method in Application.cfc add
<cfset session.accessAllowed = false>

then clear the cache and cookies and authenticated sessions in your
browser and close it.

if you have another browser installed - start that one and try accessing
your secured directory. ( if you do not have another browser installed -
shame on you as a web developer! :) you can start the same browser
again, but better after the session timeout period only...)


Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
larryclyons
2009-04-01 14:31:09 UTC
A couple of things: you don't need the cfoutput. It's more than
redundant. Also you don't need the hash marks in the variable
assignments. Also you may need to lock the session variable
assignments. You could rewrite the entire if statement as follows:

<CFIF Getlisting.recordcount EQ 1>
    <cflock scope="session" throwontimeout="true" timeout="10" type="exclusive">
        <cfset Session.accessAllowed = true>
        <cfset Session.name = user_fname>
        <cfset Session.role = user_role>
    </cflock>
    <CFLOCATION URL="index.cfm" addtoken="false">
<CFELSE>
    <cflock scope="session" throwontimeout="true" timeout="10" type="exclusive">
        <cfset Session.accessAllowed = false>
    </cflock>
    <CFLOCATION URL="login.cfm?login=failed" addtoken="false">
</CFIF>

While some will argue that you don't necessarily need locking in these
circumstances, I've always thought it better to be safe in preventing
race conditions.

regards,
larry
Post by PopcornCoder
<cfoutput query="Getlisting">
 <CFIF Getlisting.recordcount EQ 1>
        <cfset Session.accessAllowed = true>
        <cfset Session.name = '#user_fname#'>
        <cfset Session.role = '#user_role#'>
        <CFLOCATION URL="index.cfm">
 <CFELSE>
        <cfset Session.accessAllowed = false>
        <CFLOCATION URL="login.cfm?login=failed">
 </CFIF>
 </cfoutput>
 <cfelse>
 <cfoutput>
PopcornCoder
2009-03-31 13:01:46 UTC
Azadi:

Received Variable oRequest is undefined error.
Azadi
2009-03-31 13:12:36 UTC
sorry, my fault - bad copy/paste...

change this line:

<cfset var qsStruct = oRequest.getParameterMap()>

to:

<cfset var qsStruct = getPageContext().getRequest().getParameterMap()>

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
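
The fixes discussed in this thread, combined into one Application.cfc as an added example (not code from any poster): logout is handled before the access check, new sessions start denied, and only an explicit true passes the gate. The application name, the timeout, and the assumption that login.cfm both shows the form and processes the submission are assumptions; the session keys are the ones posted above.

```cfml
<cfcomponent output="false">
    <!--- Assumed application settings; the thread does not show them --->
    <cfset this.name = "securedAppExample">
    <cfset this.sessionManagement = true>
    <cfset this.sessionTimeout = createTimeSpan(0, 0, 30, 0)>

    <!--- Default deny: a brand-new session is never authenticated --->
    <cffunction name="onSessionStart" access="public" returntype="void" output="false">
        <cfset session.accessAllowed = false>
    </cffunction>

    <cffunction name="onRequestStart" access="public" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var key = "">

        <!--- 1. Logout first. Anything placed after <cfreturn> never runs.
              Only this user's login keys are dropped; the application
              is not re-initialised. --->
        <cfif structKeyExists(url, "clear")>
            <cfloop list="accessAllowed,name,role" index="key">
                <cfset structDelete(session, key)>
            </cfloop>
        </cfif>

        <!--- 2. Fail closed: only an explicit true passes the gate --->
        <cfif NOT (structKeyExists(session, "accessAllowed") AND session.accessAllowed IS true)>
            <!--- 3. login.cfm is the only page reachable without the session flag --->
            <cfif listLast(cgi.script_name, "/") NEQ "login.cfm">
                <cflocation url="login.cfm" addtoken="no">
            </cfif>
        </cfif>

        <cfreturn true>
    </cffunction>
</cfcomponent>
```

Because the gate tests for an explicit true, a missing key after logout and the false set in onSessionStart both lead to the login page on the very first request.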