Two issues:
1) If you login as user X with role Y, then logout, then relogin with
role Z, you don't have access to role Z, just Y. This was fixed in the
last udpater.
2) Timeout... geeze, trying to remember and I can't now. Oh - yes - if
you use this code:
<cflogin ....>
<cfif isDefined("cflogin.name") and
isDefined("cflogin.password")>
The code will work even after a timeout. The reason is that it rereads
in the cookie and populates cflogin.*. The logic behind this was to
allow for cflogin over a cluster. However, obviously, it makes timeouts
useless. There are ways around this - for example, checking a session
value as well, or checking for a REAL login attempt
(isDefined("form.login")), however this last technique kind of defeats
the purpose of the cflogin.* scope, which was to make a security system
that would work w/ multiple client types.
=======================================================================
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
Email : [EMAIL PROTECTED]
WWW : www.camdenfamily.com/morpheus
Yahoo IM : morpheus
"My ally is the Force, and a powerful ally it is." - Yoda
> -----Original Message-----
> From: Bill Grover [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 08, 2003 10:15 AM
> To: CF-Talk
> Subject: RE: CFLOGIN (Was: stupid newbie tricks)
>
>
> You know, I saw that timeout attribute and went right by it.
> I guess I'll play with it a bit. Your right though it would
> be best if the cflogin timedout at the same interval as your session.
>
> On another vein, I saw your presentation at CFUN'02 in
> Rockville and enjoyed it very much. I downloaded your
> presentation from DevCon'02 and noticed that you added a
> point to one of the slides. What you added said
> "Roles-caching Bug / Timeout Issue". What is the bug/issue?
> Thanks. ______________________________________________________
>
> Bill Grover
> Supervisor MIS Phone: 301.424.3300 x3324
> EU Services, Inc. FAX: 301.424.3696
> 649 North Horners Lane E-Mail: [EMAIL PROTECTED]
> Rockville, MD 20850-1299 WWW: http://www.euservices.com
> ______________________________________________________
>
>
>
> > -----Original Message-----
> > From: Raymond Camden [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, January 08, 2003 10:14 AM
> > To: CF-Talk
> > Subject: RE: CFLOGIN (Was: stupid newbie tricks)
> >
> >
> > This is one of the more confusing aspects of the
> roles-based security
> > system - it is NOT the same as sessions. In fact, the
> default timeout
> > for cflogin is different from sessions. One of the enhancement
> > requests already requested is to allow cflogin to use the session
> > scope instead of it's own timeout.
> >
> > ==============================================================
> > =========
> > Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
> >
> > Email : [EMAIL PROTECTED]
> > WWW : www.camdenfamily.com/morpheus
> > Yahoo IM : morpheus
> >
> > "My ally is the Force, and a powerful ally it is." - Yoda
> >
> > > -----Original Message-----
> > > From: Bill Grover [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, January 08, 2003 8:55 AM
> > > To: CF-Talk
> > > Subject: RE: CFLOGIN (Was: stupid newbie tricks)
> > >
> > >
> > > Thanks for the complement!
> > >
> > > The issue I was having may have been fixed. But what I was
> > > noticing was I would run my page, login and everything was
> > > happy. While working on something else I would leave the
> > > page alone for 20-25 minutes. Come back and refresh the
> > > page, or go to the next page and the system would error
> > > saying that SESSION.nUserID was undefined. Yet if you looked
> > > at the debug window the system still had the logon
> > > authentication cookie set so it would not run the <cflogon>
> > > tag. That is why I added the cflogout code at the beginning
> > > of the page.
> ______________________________________________________
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
