Mike Kear wrote: > I am working on a login system that has so many limitations you couldn't > imagine it. I want to have the actual login form and processing page as a > single pair of templates in a single location for the whole site. If any > page requires a user to be logged in, and they're not, they'll be sent to > this page and then sent back to the original page once satisfactorily logged > in against a table in the datasource. > > Not so difficult you'd have thought.
I still think so ;) > So let me put some limitations on there and see if it's still so easy: > > No client variables. Not allowed - all state management has to be in our > site's own datasources > No session variables - it's a clustered environment. > No custom tags permitted Still not so difficult. When you want a user to log in don't send him to a form or something. Just use cfheader to send a HTTP 401 (or was it 403?) to the user. Include some realm info as per RFC 2617 and make the authentication type basic. User gets a popup window which asks for authentication info. Upon completion of username and password the browser simply repeats the original HTTP reqeust, but adds a header with the authentication info. On the server, catch the header, extract the username and password and set a client variable (your specs above leave the possibility of using client variables and storing them in your own database). If you want I can send a code example tonight. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists