Suggestion here, not sure if it will solve your problem. It looks like
application.cfm is resetting the session.LoggedIn to false every time it
loads. You might want to only declare it in the application.cfm file and
then only change it in the login form. Another thing to consider is when you
offer the login form from the application.cfm file, try using cfinclude
index.cfm and then cfabort to avoid changing the session.LoggedIn variable
before the username password is submitted.

When I build a secure login I wrap the cfinclude to the login page with a
condition that looks for NOT isDefined("session.LoggedIn") and then offers
the login form and aborts processing. That way, on the next run of the page
after the login form has queried the datasource and set the
session.LoggedIn var, the login form will not be offered.

Sometime when you're not so tired, go and read the docs on the security
manager I built. I found a way to use two custom tags and never have to
write that security code again and again. The security manager comes with a
user manager that can be delivered to your clients to utilize security in
their own site.
Go to http://www.netwebapps.com/remotedev2001/index.htm and click on the
documentation tab, see security help item.

----- Original Message -----
From: "Wayne Putterill" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, February 18, 2001 12:40 PM
Subject: Help! have to login twice?


> It's 6.30 on a Sunday night, my brain is fried and I need help to spot an
> error, otherwise the Allaire Demon will haunt my sleep tonight ;)
>
> I am trying to get a login system working reusing some code from another
> site, I think it was originally from a tutorial somewhere, it works but
> always throws out the first attempt to login - i.e. you put in a correct
> username & password and it rejects them, enter again and no problem, you are
> logged in.
>
> There are three pages involved -
>
> index.htm
>
> Just a form which calls results.cfm with userid and password
>
> results.cfm
>
> <cflock timeout="2" throwontimeout="No" type="EXCLUSIVE" scope="SESSION">
> <CFSET Session.LoggedIn = FALSE>
> </cflock>
>
> <CFQUERY name="CheckUser" datasource="interlink">
> SELECT loginid, password, name, company_id, email
> FROM members
> WHERE loginid = <CFQUERYPARAM value="#Form.UserID#" cfsqltype="CF_SQL_VARCHAR">
> </CFQUERY>
>
> <CFIF CheckUser.RecordCount GREATER THAN 0>
>  <CFIF CheckUser.password IS Form.PassWord>
>   <cflock timeout="2" throwontimeout="No" type="EXCLUSIVE" scope="SESSION">
>   <CFSET Session.LoggedIn = TRUE>
>   <CFSET Session.UserID = CheckUser.loginid>
>   <CFSET Session.Username = CheckUser.name>
>   <CFSET Session.member_id = CheckUser.company_id>
>   <CFSET Session.email = CheckUser.email>
>   </cflock>
>  <CFELSE>
>   <CFSET Reason = "the password you\'ve typed is invalid. Try again">
>  </CFIF>
> <CFELSE>
>  <CFOUTPUT>
>   <CFSET Reason = 'I could not find a user named #Form.UserID# here.'>
>  </CFOUTPUT>
> </CFIF>
>
> <CFIF Session.LoggedIn>
>  <SCRIPT LANGUAGE="JavaScript">self.location ='members.cfm';</SCRIPT>
> <CFELSE>
>  <CFOUTPUT>
>   <SCRIPT>alert("Sorry!  Your login was unsuccessful because #Reason#");
>   self.location="index.htm"; </SCRIPT>
>  </CFOUTPUT>
> </CFIF>
>
>
> application.cfm
>
> <CFAPPLICATION NAME="memberslogin" SESSIONMANAGEMENT="Yes"
> SESSIONTIMEOUT="#CreateTimeSpan(0,0,15,0)#"
> APPLICATIONTIMEOUT="#CreateTimeSpan(0,0,15,0)#">
>
> <cflock timeout="2" throwontimeout="No" type="EXCLUSIVE" scope="SESSION">
>  <CFPARAM name="session.LoggedIn" DEFAULT="FALSE">
> </cflock>
>
> <cfoutput>
>  <CFIF #session.LoggedIn# IS "FALSE">
>   <CFIF (CGI.SCRIPT_NAME IS NOT "index.htm" AND CGI.SCRIPT_NAME IS NOT "results.cfm")>
>    <SCRIPT LANGUAGE="JavaScript">alert("The system has detected an invalid login.
>    You will be prompted for your login/password again.");
>    self.location ='index.htm';
>    </SCRIPT>
>   </CFIF>
>  </CFIF>
> </cfoutput>
>
> I just know this is going to be a "Doh!" moment, but thanks in advance to
> anyone who can slap me on the head and point out to me where I am making a
> fool of myself.
>
> Wayne Putterill
> [EMAIL PROTECTED]
>
>
>
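
The guard described in the reply above, written out as an added example (not code from either poster): the login is processed and the session flag set in one place, and the form is offered with cfinclude and cfabort only while the flag is not true. It assumes index.cfm is a ColdFusion login form posting Form.UserID and Form.PassWord, reuses the table and column names from the quoted query, and the maxlength of 50 is a made-up value.

```cfml
<!--- Application.cfm (added example; runs before every .cfm request) --->
<cfapplication name="memberslogin" sessionmanagement="Yes"
    sessiontimeout="#CreateTimeSpan(0,0,15,0)#">

<!--- 1. If the login form was just submitted, check it before anything else. --->
<cfif isDefined("Form.UserID") AND isDefined("Form.PassWord")>
    <cfquery name="CheckUser" datasource="interlink">
        SELECT loginid, password, name
        FROM members
        WHERE loginid = <cfqueryparam value="#Form.UserID#"
                            cfsqltype="CF_SQL_VARCHAR" maxlength="50">
    </cfquery>

    <cfset LoginOK = FALSE>
    <cfif CheckUser.RecordCount EQ 1>
        <!--- Compare() is case-sensitive (IS is not). The password column is
              compared as the thread's schema stores it. --->
        <cfif Compare(CheckUser.password, Form.PassWord) EQ 0>
            <cfset LoginOK = TRUE>
        </cfif>
    </cfif>

    <!--- The only place the flag is written; a failed attempt clears it. --->
    <cflock timeout="2" throwontimeout="Yes" type="EXCLUSIVE" scope="SESSION">
        <cfset Session.LoggedIn = LoginOK>
        <cfif LoginOK>
            <cfset Session.UserID = CheckUser.loginid>
            <cfset Session.Username = CheckUser.name>
        </cfif>
    </cflock>

    <cfif NOT LoginOK>
        <!--- One message for both failure cases, with no user input echoed. --->
        <cfset LoginError = "Invalid username or password.">
    </cfif>
</cfif>

<!--- 2. Read the flag under a read lock; treat "not defined" as not logged in. --->
<cfset IsLoggedIn = FALSE>
<cflock timeout="2" throwontimeout="Yes" type="READONLY" scope="SESSION">
    <cfif isDefined("Session.LoggedIn")>
        <cfset IsLoggedIn = Session.LoggedIn>
    </cfif>
</cflock>

<!--- 3. Not logged in: offer the form and stop, so the requested page never runs. --->
<cfif NOT IsLoggedIn>
    <cfinclude template="index.cfm">
    <cfabort>
</cfif>
```

With this in place the requested page only executes after step 3 passes, so no per-page check or client-side redirect is needed; index.cfm can display LoginError when it is defined.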