Cookies are the answer yes. But even more than that, CF has the ability to
maintain sessions for a user automatically (so that you don't have to
manage the cookies, etc.)
In your application.cfm file, put the following:
<!--- Enable session management --->
<cfapplication name="myApplication" sessionmanagement="yes"
clientmanagement="no">
<!--- Set some initial variables --->
<cfparam name="SESSION.IsLoggedIn" default=0>
<cfparam name="SESSION.UserLevel" default=0>
Then in your login action page, you do something like this:
<cfquery name="login" datasource="#dsn#">
SELECT FirstName, LastName, UserLevel
FROM Users
WHERE UserName = '#FORM.UserName#'
AND Password = '#FORM.Password#'
</cfquery>
<!--- if the login was successful, set some SESSION variables --->
<cfif login.recordcount>
<cfset SESSION.IsLoggedIn = 1>
<cfset SESSION.name = login.FirstName & " " & login.LastName>
<cfset SESSION.userLevel = login.UserLevel>
<cfelse>
<!--- login failed, send the user back to the login screen, perhaps with a
message explaining that login failed --->
<cflocation url="login.cfm?error=1">
</cfif>
Now that you've enabled and set SESSION variables, they will be available
to you anywhere in the site.
For example.
<cfif SESSION.UserLevel is 5>
<!--- Functionality only available to a User Level 5 --->
<a href="functionality.cfm">Button</a>
</cfif>
HTH!
Sharon
At 05:49 PM 5/15/2000 -0400, Tiffany wrote:
>Hi, I'm 18 years old and have been working with CF for a few months now.
>I have read books, articles, etc and have learned enough on my own to use
>CF with Access 97 to make simple DB's -- adding, updating, deleting
>records, setting variables, using CFMail, etc. You know, the easy stuff.
>I think it's really cool, I love ColdFusion!
>
>My next project is to create a database of members with access levels. I
>have fields like:
>
>MemberName
>Password
>MemberSince
>AccessLevel
>
>I'm trying to figure out how to use session variables and cookies and
>stuff to log a user into a section of a website that will display certain
>options (links basically) depending on their access level (levels are
>like 1 to 5). However, the only part I have done is checking their
>username and password against the database and sending them to a page
>once they have successfully logged in. The thing is, how do you make it
>so someone cant just copy the URL they were sent to when they logged in
>and paste in a browser window and have it pop up? Cookies right?
>
>What I am looking for is someone to point me in the direction or to a
>resource that could explain how some of this works (coding wise).. any
>suggestions.. anything will help.
>
>Thanks!! :)
>
>*~Tiffany~*
>
>
>---------------------------------------------------------------------------
---
>Archives: http://www.eGroups.com/list/cf-talk
>To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
>
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
