Quoting Steve Reich <[EMAIL PROTECTED]>:

> Here's the basic concept...
> 
> You have a login page. The user puts their username and password in
> and it submits to an action page that checks to see if they are a
> user.

Why a login page? Why an action page? You can also make every page a 
login page and every page an action page by putting the relevant code 
in the Application.cfm. And if you combine that with HTTP 
authentication even submitted form fields will persist. Also, check the 
manual on cflogin.


> You then set a variable (I usually use session variables). Then you
> check for that session variable on the pages that are protected.
> Typically, I have everything that they need to log into put in a
> separate folder. Then I have code in the application.cfm to say that
> if the path is to the protected folder, check for the variable
> otherwise redirect to the login page.
> Any shortcut to the secured data will redirect them to the login page
> if they are not logged in. As far as locking out... set a variable on
> each failed login and increment it by one until they hit 3. Once they
> hit three, check that variable in the login page and redirect them or
> give them a message that they have been locked out. You can use a
> cookie to expire in 30 minutes or however you want to do it.

Cookies = client-side = insecure

Jochem
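A worked version of the two points made in this thread, written as an added example rather than code from either poster: the login gate lives in Application.cfm so every page in the directory is protected by default, and the failed-login counter and lockout timestamp are kept server-side instead of in a cookie. The user store, the salt and the page names (login.cfm, index.cfm) are constructed for the demo; GeneratePBKDFKey assumes ColdFusion 11 or later and SessionRotate assumes ColdFusion 10 or later.

```cfml
<!--- Application.cfm: ColdFusion runs this before every .cfm page in the tree --->
<cfapplication name="loginDemo"
               sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">

<cfset maxFailures = 3>
<cfset lockoutMinutes = 30>
<cfset pbkdfIterations = 10000>

<!--- Constructed demo user store (a real app reads this from a database).
      Only a salt and a PBKDF2-derived hash are stored, never the password. --->
<cfif NOT StructKeyExists(application, "users")>
    <cfset application.users = StructNew()>
    <cfset application.users["alice"] = StructNew()>
    <cfset application.users["alice"].salt = "constructed-salt-for-alice">
    <cfset application.users["alice"].hash = GeneratePBKDFKey(
        "PBKDF2WithHmacSHA256", "correct horse", "constructed-salt-for-alice",
        pbkdfIterations, 256)>
    <!--- Failed-attempt counters, keyed by username, live here on the server --->
    <cfset application.failures = StructNew()>
</cfif>

<!--- Session flag is the only thing a page needs to check --->
<cfparam name="session.loggedIn" default="false">

<!--- Every page is protected unless it is listed here --->
<cfset publicPages = "login.cfm">
<cfset thisPage = ListLast(CGI.SCRIPT_NAME, "/")>

<cfif NOT ListFindNoCase(publicPages, thisPage) AND NOT session.loggedIn>
    <cflocation url="login.cfm" addtoken="no">
</cfif>


<!--- login.cfm: the login page and the action page in one file --->
<cfif IsDefined("form.username") AND IsDefined("form.password")>
    <cfset uname = LCase(Trim(form.username))>

    <!--- Per-username lockout state, created on first failure --->
    <cfif NOT StructKeyExists(application.failures, uname)>
        <cfset application.failures[uname] = StructNew()>
        <cfset application.failures[uname].count = 0>
        <cfset application.failures[uname].lockedUntil = "">
    </cfif>
    <cfset state = application.failures[uname]>

    <cfif IsDate(state.lockedUntil) AND DateCompare(Now(), state.lockedUntil) LT 0>
        <cfoutput><p>Too many failed attempts. Try again later.</p></cfoutput>
        <cfabort>
    </cfif>

    <!--- Verify the password by re-deriving the hash with the stored salt --->
    <cfset ok = false>
    <cfif StructKeyExists(application.users, uname)>
        <cfset u = application.users[uname]>
        <cfset attempt = GeneratePBKDFKey("PBKDF2WithHmacSHA256", form.password,
                                          u.salt, pbkdfIterations, 256)>
        <cfif Compare(attempt, u.hash) EQ 0>
            <cfset ok = true>
        </cfif>
    </cfif>

    <cfif ok>
        <cfset state.count = 0>
        <cfset state.lockedUntil = "">
        <cfset SessionRotate()>            <!--- new session id after login --->
        <cfset session.loggedIn = true>
        <cfset session.username = uname>
        <cflocation url="index.cfm" addtoken="no">
    <cfelse>
        <cfset state.count = state.count + 1>
        <cfif state.count GTE maxFailures>
            <cfset state.lockedUntil = DateAdd("n", lockoutMinutes, Now())>
        </cfif>
        <!--- Same message for unknown user and wrong password --->
        <cfoutput><p>Login failed.</p></cfoutput>
    </cfif>
</cfif>

<form method="post" action="login.cfm">
    <label>Username <input type="text" name="username"></label>
    <label>Password <input type="password" name="password"></label>
    <input type="submit" value="Log in">
</form>
```

The counter is keyed by username in the application scope rather than held in the session or a cookie: a client can discard a cookie or a session id at will, so state that only exists there never reaches the limit. Keying the lockout by username does mean someone can lock a known account by guessing wrong on purpose, which is why a production setup would pair a short lockout with logging of the source address and a notification to the account owner.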
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq