RE: [ cf-dev ] Authentication problems

Colm Brazel Mon, 03 Nov 2003 10:49:40 -0800

using exclusive session locks can cause bottleneck freezes under even a
light load,  a workaround is to copy the session scope into the request or
variable scope, you have to take care copying back to the session scope
using


 <cflock timeout="30" throwontimeout="Yes" type="EXCLUSIVE" scope="SESSION">
  <CFLOOP index="Key" list=#StructKeyList(variables.LSess)#>
    <CFSET "Session.#Key#"=Duplicate(Evaluate("variables.LSess.#Key#"))>
  </CFLOOP>
</cflock>

try the above as in
http://www.johnwbartlett.com/CF_tipsNtricks/index.cfm?TopicID=44

rgds



Colm

-----Original Message-----
From: Albert Popkov [mailto:[EMAIL PROTECTED]
Sent: 03 November 2003 16:00
To: [EMAIL PROTECTED]
Subject: RE: [ cf-dev ] Authentication problems



You may have problems when the site is used from within a frame hosted
on another domain,
including some web based mail systems, eg. homail. We also have problems
with some AOL
users - but still can't replicate it.

Also, double check privacy configuration for your server - we had a
problem with that in the past.







-----Original Message-----
From: Bob Wood [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 3:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ cf-dev ] Authentication problems


d,

Incorrrect logins are dealt with properly.

I can use any correct id/password pair to login successfully, not only
on my development machine, but on another machine on our network I've
never used before (once cookies have been enabled).

But not all users can use their own login. Is it too simplistic to
assume that because I can login OK, the fault is with a user's browser?

Bob

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 03 November 2003 15:19
To: [EMAIL PROTECTED]
Subject: Re: [ cf-dev ] Authentication problems

Bob,

Seems strange this error would be thrown and it should be nothing to do
with cookies. If the login is successful then the session var
(MM_username) should be set up. Anyone else see anything in this?

What happens when you put incorrect login details in?

d


----- Original Message -----
From: "Bob Wood" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 03, 2003 11:59 AM
Subject: RE: [ cf-dev ] Authentication problems


> Application.cfm:
>
>
> <CFAPPLICATION NAME="ISFA"
> CLIENTMANAGEMENT="Yes"
> SESSIONMANAGEMENT="Yes"
> SETCLIENTCOOKIES="Yes" SESSIONTIMEOUT="#CreateTimeSpan(0,0,15,0)#"
> APPLICATIONTIMEOUT="#CreateTimeSpan(0,2,0,0)#">
>
> <CFERROR MAILTO="[EMAIL PROTECTED]"
> TYPE="Request" TEMPLATE="custom_error.cfm">
>
>
>
> <CFSET web_db = "newmedia">
>
> <CFSET yearNow=DateFormat(Now(),"YYYY")>
>
> <cfsetting  showdebugoutput="No">
>
> -----------------------------------------------------------
>
>
> Login page:
>
>
> <cfif IsDefined("FORM.login")>
>   <cfset MM_redirectLoginSuccess="school_admin.cfm">
>   <cfset MM_redirectLoginFailed="logon_fail.cfm">
>   <cfquery  name="MM_rsUser" datasource="#web_db#">
>   SELECT Login,Password FROM ISFA WHERE Login='#FORM.login#' AND
> Password='#FORM.pword#'
>
>   </cfquery>
>   <cfif MM_rsUser.RecordCount NEQ 0>
>     <cftry>
>       <cflock scope="Session" timeout="30" type="Exclusive">
>         <cfset Session.MM_Username=FORM.login>
>         <cfset Session.MM_UserAuthorization="">
>       </cflock>
>       <cfif IsDefined("URL.accessdenied") AND false>
>         <cfset MM_redirectLoginSuccess=URL.accessdenied>
>       </cfif>
>       <cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
>       <cfcatch type="Lock">
>         <!--- code for handling timeout of cflock --->
>       </cfcatch>
>     </cftry>
>   </cfif>
>   <cflocation url="#MM_redirectLoginFailed#" addtoken="no">
>   <cfelse>
>   <cfset MM_LoginAction=CGI.SCRIPT_NAME>
>   <cfif CGI.QUERY_STRING NEQ "">
>     <cfset MM_LoginAction=MM_LoginAction & "?" & CGI.QUERY_STRING>
>   </cfif>
> </cfif>
>
> AND:
>
>       <form name="form2" method="POST"
> action="<cfoutput>#MM_loginAction#</cfoutput>">
>         <table width="100%" border="0" cellspacing="0"
cellpadding="5">
>           <tr>
>             <td width="16%"><div align="right" class="bodyText">Login
> id: </div></td>
>             <td width="84%"><input name="login" type="text" size="30"
> id="login"></td>
>           </tr>
>           <tr>
>             <td><div align="right" class="bodyText">Password:
> </div></td>
>             <td><input name="pword" type="password" size="30"
> id="pword"></td>
>           </tr>
>           <tr>
>             <td>&nbsp;</td>
>             <td><input type="submit" name="Submit" value="Submit">
> <input type="reset" name="Submit2" value="Reset"></td>
>           </tr>
>         </table>
>       </form>
>
>
------------------------------------------------------------------------
> ---
>
> Secured page:
>
>
> <cfif Session.MM_Username EQ ""><cflocation url="home.cfm"></cfif>
>
> <cfif IsDefined("URL.MM_logout") AND URL.MM_logout EQ "1">
>   <cflock scope="Session" type="Exclusive" timeout="30"
> throwontimeout="no">
>     <cfset Session.MM_Username="">
>     <cfset Session.MM_UserAuthorization="">
>   </cflock>
>   <cfset MM_logoutRedirectPage="home.cfm">
>   <cfif MM_logoutRedirectPage EQ "">
>     <cfset MM_logoutRedirectPage=CGI.SCRIPT_NAME>
>   </cfif>
>   <cfset
>
MM_logoutQuery=ListDeleteAt(CGI.QUERY_STRING,ListContainsNoCase(CGI.QUER
> Y_STRING,"MM_logout=","&"),"&")>
>   <cfif MM_logoutQuery NEQ "">
>     <cfif Find("?",MM_logoutRedirectPage) EQ 0>
>       <cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "?" &
> MM_logoutQuery>
>       <cfelse>
>       <cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "&" &
> MM_logoutQuery>
>     </cfif>
>   </cfif>
>   <cflocation url="#MM_logoutRedirectPage#" addtoken="no"> </cfif>
> <cflock scope="Session" type="ReadOnly" timeout="30"
> throwontimeout="no">
>   <cfset
>
MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",D
> E(""))>
>   <cfset
>
MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Sess
> ion.MM_UserAuthorization",DE(""))>
> </cflock>
> <cfif MM_Username EQ "">
>   <cfset MM_referer=CGI.SCRIPT_NAME>
>   <cfif CGI.QUERY_STRING NEQ "">
>     <cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
>   </cfif>
>   <cfset MM_failureURL="login.cfm?accessdenied=" &
> URLEncodedFormat(MM_referer)>
>   <cflocation url="#MM_failureURL#" addtoken="no">
> </cfif>
> <cfset CurrentPage=GetFileFromPath(GetTemplatePath())>
> <cfparam name="SESSION.MM_Username" default="1">
>
>
>
------------------------------------------------------------------------
> --
>
> I don't think I've missed anything out. These are just Dreamweaver MX
> behaviours . . . . .
>
> Thanks for your time!
>
> Cheers,
> Bob
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: 03 November 2003 10:16
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ cf-dev ] Authentication problems
> Importance: Low
>
> Hi Bob
>
> We'd need to see the code in:
>
> 1. Application.cfm
>
> 2. The login code setting the session variable which defines them as
> logged in
>
> 3. The security include/code securing all the pages
>
> Then we'd be able to help diagnose the problem
>
> HTH
> Mark
>
> -----Original Message-----
> From: Bob Wood [mailto:[EMAIL PROTECTED]
> Sent: 03 November 2003 08:42
> To: [EMAIL PROTECTED]
> Subject: [ cf-dev ] Authentication problems
>
>
> Hi All,
>
> I'm a CF newbie and have a dynamic site with some pages secured
against
> a list of login ids and passwords.
>
> Problem is, not everyone can get in. I can, from my computer, get in
as
> anyone. Some people have an error come up with "MM_USERNAME is
> undefined_session". I can replicate this by turning cookies off, but
> other users say their browsers do have cookies enabled, but still
can't
> get in.
>
> Is there something basic I'm missing? Why can I get in when others
> can't? Do I need to tweak my Application.cfm?
>
> Any help much appreciated.
>
> Thanks,
> Bob
>
>
> --
> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED] For
> human help, e-mail: [EMAIL PROTECTED]
>
> --
> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED] For
> human help, e-mail: [EMAIL PROTECTED]
>
>
>
> --
> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED] For
> human help, e-mail: [EMAIL PROTECTED]
>
>



--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] For
human help, e-mail: [EMAIL PROTECTED]



--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] For
human help, e-mail: [EMAIL PROTECTED]


--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.530 / Virus Database: 325 - Release Date: 22/10/2003

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.530 / Virus Database: 325 - Release Date: 22/10/2003


-- 
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]

RE: [ cf-dev ] Authentication problems

Reply via email to