> Also, if I use <cfloginuser> I'm limited to "name", > "password", and "roles", but the table is going to store more > information than that, that I'd like access to, like first > and last name for instance. I'd like to display that on each > page, but I'm not sure how to get it for each logged in user. Etc.. >
The cflogin framework handles 2 basic things - authentication and authorization. User data would still need to be handled as it is now. For example, maybe on login you get info like the user's name and age. You could then store that into the session scope(*). The 'roles-based security' system is not concerned with stuff like that - it just handles the low level stuff like determining if you are logged in and what roles are you in (if any). * cflogin is NOT based on sessions. That means your cflogin authentication could expire and your session vars would still exist. Therefore, you kind of have to hack around it. This is a typical section of code from an Application.cfm file using cflogin. I've added comments to explain what I'm doing. Any XXX implies a string I changed for privacy reasons. I've put ********** by the lines you really need to care about. <cfsetting enableCFOutputOnly = true> <cfapplication name="XXX" sessionManagement=true> <!--- Include App variables ---> <cfif not isDefined("application.init")> <cfinclude template="/intranet/includes/global_vars.cfm"> </cfif> ************** <!--- Handles logging the user out. Also not how we detect an expired session. This way if the session expires before the cflogin scope, we force a logout as well. ---> <cfif isDefined("url.logout") or not isDefined("session.userid")> <cflogout> </cfif> <!--- Include UDF library ---> <cfinclude template="/intranet/includes/udf.cfm"> <cflogin> <cfset showForm = true> ************** <!--- Again, the idea here is to keep Session/CFLOGIN in sync. ---> <cfset structClear(session)> <cfif isDefined("form.username") and len(trim(form.username)) and isDefined("form.password") and len(trim(form.password))> <cfif application.user.authenticate(trim(form.username), trim(form.password))> <cfloginuser name="#trim(form.username)#" password="#trim(form.password)#" roles="#application.user.getRoles(trim(form.username), trim(form.password))#"> ************** <!--- This is an example of how I store user info in the session scope. ---> <cfset structAppend(session,application.user.getUserInformation(trim(form.usern ame), trim(form.password)))> <cfset showForm = false> </cfif> </cfif> <cfif variables.showForm> <cfinclude template="/XXXX/wwwroot/login.cfm"> <cfabort> </cfif> </cflogin> ======================================================================= Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc Member of Team Macromedia Email : [EMAIL PROTECTED] Blog : www.camdenfamily.com/morpheus/blog Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4