> I guess what I don't understand is why you think <cflogin>
> should not be used as a log-in check.  That's exactly what it
> is (and that's all that it is).  GetAuthUser(), by
> definition, returns the username of the current user.  You
> happen to be able to use both to determine whether or not
> someone is logged-in... I'm not sure whether there's any
> performance difference between the two (I'd think <cflogin>
> would be quicker in determining if someone's logged-in, but
> the difference would never be significant enough to matter
> anyway).  So I guess it's really just a personal preference
> thing.  I use both... if I'm in the display layer, I like
> <cflogin>.  If I'm anywhere else, I generally use
> getAuthUser().... primarily because so much of my code is <cfscript>.

I don't think I quite made my point clear. I'm not saying <cflogin>
shouldn't be used as a login check - obviously you can use it to force login
when a person isn't logged in. My feeling was that it should not be used
PURELY as a conditional, i.e.,

<cflogin>
display stuff here for non logged in users
</cflogin>

It should be used as a conditional check for login that _also_ handles the
login of the user, potentially aborting the process, etc.

Obviously a nitpicky difference and something I don't expect others to agree
with. ;)

So, someone go to the Macromedia forum and request for a "real"
isAuthenticated() function.

Btw - as a side note (I blogged this before so sorry for repeating myself) -
be careful when writing security related UDFs. As you know, getAuthUser()
returns an empty string if you aren't logged in. You may be tempted to write
this UDF:

function isAuthenticated() {
return getAuthUser() neq "";
}

However, if you try to call it (there is no bug with just declaring it), you
get:

Function isAuthenticated is not supported in ColdFusion MX.

Why? IsAuthenticated() was one of the old Advanced Security functions. AS
was removed in MX. However, instead of just removing the functions, CF
actually has a "hook" in it so even if you define your own UDF, you can't
call it. (And yes, I've already reported this. :)