Building a secure access screen to an admin area on a site. I have a
login screen on a public template which is then passed to a Cfcheck
template. Both of these templates are "controlled" by an
application.cfm template.
In this CFCheck template, if the Username and Password match what's in a
db, the following code is run:
<CFIF GetUser.RecordCount EQ 1>
<!--- Lock the Session Variables, and remember user's logged-in
status, plus u_ID and First Name, in structure --->
<CFLOCK TIMEOUT="10" THROWONTIMEOUT="No" TYPE="EXCLUSIVE"
SCOPE="SESSION">
<CFSET SESSION.Auth = StructNew()>
<CFSET SESSION.Auth.IsLoggedIn = "Yes">
<CFSET SESSION.Auth.ContactID = GetUser.U_ID>
<CFSET SESSION.Auth.FirstName = GetUser.First_Name>
<CFSET SESSION.Auth.LastName = GetUser.Last_Name>
</cflock>
But, I want to pass the valid user on to a starting page in the admin
section, which is "controlled" by a different application.cfm.
In this second application.cfm I have the following code:
<!--- If user is not logged in, force them to now --->
<CFIF NOT IsDefined("SESSION.Auth.IsLoggedIn")>
<CFLOCATION
URL="#APPLICATION.webroot#/login/default.cfm?access=Denied"
ADDTOKEN="No">
<CFABORT>
</CFIF>
Thus, the problem, can a Session, which is created in the Cfcheck.cfm
template be passed intact to another page, which is controlled by a
different application.cfm.
Whenever I run the login sequence, and I know it is successful, the
second application kicks me back out to the login screen (meaning that
its NOT IsDefined).
What am I doing wrong?
Thanks,
Mark
______________________________________________________________________
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
