CFMX7 Standard in Win2K3 Server.
I'm using CFLOGIN to authenticate users. The problem is that a users
login won't expire when their browser session is idle for longer than
the session expiration (currently set to 20 minutes). However, when
the browser window is closed, the user login does expire. I thought
the advantage of cflogin was that it would handle all of this? Is
there something that I'm doing wrong? Code is below.
Pete
Application.cfc:
<cfset this.name = "idrintranet">
<cfset this.sessionmanagement = "true">
<cfset this.sessiontimeout = "#createTimeSpan(0,0,20,0)#">
<cfset this.applicationtimeout = "#createTimeSpan(0,12,0,0)#">
Auth_script.cfm (include file):
<!--- Log the user out --->
<cfif isDefined("URL.a") AND URL.a EQ "logout">
<cfinvoke component="cfc.log" method="writeLog"
msgType="Authentication" userid="#getAuthUser()#" logAction="logout"
logMessage="#getAuthUser()# has logged out at #now()#"></cfinvoke>
<cflogout>
<cfset request.errormsg = "You have been logged out.">
</cfif>
<!--- Log the user in. Set idle timeout to 20 minutes (1200 seconds) --->
<cflogin idletimeout="1200">
<cfif NOT isDefined("cflogin")>
<cfinclude template="/inc/auth_form.cfm">
<cfabort>
<cfelse>
<cfif cflogin.name IS "" OR cflogin.password IS "">
<cfset request.errormsg = "You must provide both userid
and password">
<cfinclude template="/inc/auth_form.cfm">
<cfabort>
<cfelse>
<cfstoredproc procedure="spAuthenticateUser"
datasource="idr"
password="grouse" debug="Yes" returncode="Yes">
<cfprocparam type="In"
cfsqltype="CF_SQL_VARCHAR"
dbvarname="userid" value="#cflogin.name#" null="No">
<cfprocparam type="In"
cfsqltype="CF_SQL_VARCHAR"
dbvarname="password" value="#cflogin.password#" null="No">
<cfprocresult name="loginQuery">
</cfstoredproc>
<cfif loginQuery.recordcount EQ 1>
<!--- Set the userid as a numeric value in the
session scope --->
<cfset session.userid = loginquery.id>
<!--- If the login query returns a single
record, get the roles
for that user --->
<cfstoredproc procedure="spGetGroupsByUser"
datasource="idr"
returncode="yes">
<cfprocparam cfsqltype="CF_SQL_INTEGER"
type="IN" value="#loginQuery.id#">
<cfprocresult name="groupNames">
</cfstoredproc>
<!--- Initialize the roles and create a list of
roles --->
<cfset tmp = structNew()>
<cfset tmp.roles="">
<cfloop query="groupNames"><cfset
tmp.roles=listAppend(tmp.roles,groupNames.groupName,",")></cfloop>
<cfif listLen(tmp.roles) EQ 0>
<!--- If the user has no roles --->
<cfset request.errormsg = "There are no
roles defined for that
user.<br>Please see your site administrator.">
<cfinclude
template="/inc/auth_form.cfm">
<cfabort>
<cfelse>
<!--- If the user has roles,
authenticate them --->
<cfloginuser name="#cflogin.name#"
password="#cflogin.password#"
roles="#tmp.roles#">
</cfif>
<cfinvoke component="cfc.log" method="writeLog"
msgType="Authentication" userid="#cflogin.name#" logAction="login"
logMessage="#cflogin.name# has logged in at #now()#"></cfinvoke>
<cfelse>
<cfset request.errormsg = "Invalid login,
please try again.">
<cfinclude template="/inc/auth_form.cfm">
<cfabort>
</cfif>
</cfif>
</cfif>
</cflogin>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Discover CFTicket - The leading ColdFusion Help Desk and Trouble
Ticket application
http://www.houseoffusion.com/banners/view.cfm?bannerid=48
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:218691
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
