Show us the code that's in login_process.cfm. It sounds like there's
something that's passing the CGI.HTTP_REFERER from index.cfm to
login_process.cfm, then redirecting there before you're setting the session
variables (unless I'm misunderstanding your login process).
"Jenny"
<[EMAIL PROTECTED] To: <[EMAIL PROTECTED]>
place.org> cc:
Subject: Re: [ cf-dev ] session time
out and security
30/08/2004
18:21
Please respond
to dev
Hi Duncan,
Files:
1. index.cfm containing login
2. login_process.cfm processed after login and sets session variables
3. *.cfm any other file on the system with security check
normal process, 1, 2, 3
what's happening, 1, 3 - splatt
reason for splatt:
session times out or user bookmarks any other file on the system apart from
index.cfm
comes back and tries to login
CF tries to be over helpful and after sending user to login page then
returns them to 3 and bypasses 2.
sooo .. i need to stop CF passing the user straight back to 3 from 1 and
make sure they go through 2 first.
Hope that explains it!
Jenny
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 30, 2004 2:49 PM
Subject: Re: [ cf-dev ] session time out and security
>
> so there's two pages: login_process.cfm and process.cfm? Can you include
> the session variable stuff from process.cfm into login_process.cfm?
>
>
>
>
>
> "Jenny"
> <[EMAIL PROTECTED] To:
> <[EMAIL PROTECTED]>
> place.org> cc:
> Subject: Re: [ cf-dev ]
> session time out and security
> 30/08/2004
> 14:15
> Please respond
> to dev
>
>
>
>
>
> Hi Duncan,
>
> The login_process.cam is acted on from the login page.
>
> Trouble happens when a user book marks other pages in the site that have
> security set and require variables to run. They try to return directly
to
> the page, the security sends them to login page, then when they log in
the
> process.cfm page is skipped and none of the variables are set.
>
> Jenny
>
>
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, August 30, 2004 12:13 PM
> Subject: Re: [ cf-dev ] session time out and security
>
>
>>
>> so the login form has action="process.cfm", right? is there some code
in
>> process.cfm that is redirecting before the session variables are set?
>>
>>
>>
>>
>>
>> "Jenny"
>> <[EMAIL PROTECTED] To:
>> <[EMAIL PROTECTED]>
>> place.org> cc:
>> Subject: [ cf-dev ]
session
>
>> time out and security
>> 30/08/2004
>> 11:18
>> Please respond
>> to dev
>>
>>
>>
>>
>>
>>
>> Hi all,
>>
>> Got a problem with the above. Scenario is:
>>
>> standard login: login on front page of site refers using to a process
> cfm
>> which checks for further access rights and sets up a load of needed
>> session
>> variables.
>>
>> messed up login: user bookmarks secure page, security bungs them out to
>> the home page to login, they log in and then get directed by the default
>> security to their bookmarked page, skipping the process cfm and it
errors
>> cos needed session variables haven't been set.
>>
>> I've been through the docs a few hundred times, but can't see a
solution.
>>
>> Anyone have any ideas please?
>>
>> Jenny
>>
>>
>>
>> ---
>> Outgoing mail is certified Virus Free.
>> Checked by AVG anti-virus system (http://www.grisoft.com).
>> Version: 6.0.744 / Virus Database: 496 - Release Date: 24/08/2004
>>
>>
>>
>>
>> --
>> These lists are syncronised with the CFDeveloper forum at
>> http://forum.cfdeveloper.co.uk/
>> Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>>
>> CFDeveloper Sponsors and contributors:-
>> *Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF
> provided
>> by activepdf.com*
>> *Forums provided by fusetalk.com* :: *ProWorkFlow provided by
>> proworkflow.com*
>> *Tutorials provided by helmguru.com* :: *Lists hosted by
>> gradwell.com*
>>
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.744 / Virus Database: 496 - Release Date: 24/08/2004
>
>
>
> --
> These lists are syncronised with the CFDeveloper forum at
> http://forum.cfdeveloper.co.uk/
> Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>
> CFDeveloper Sponsors and contributors:-
> *Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF
provided
> by activepdf.com*
> *Forums provided by fusetalk.com* :: *ProWorkFlow provided by
> proworkflow.com*
> *Tutorials provided by helmguru.com* :: *Lists hosted by
> gradwell.com*
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>
>
>
>
>
>
> --
> These lists are syncronised with the CFDeveloper forum at
> http://forum.cfdeveloper.co.uk/
> Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>
> CFDeveloper Sponsors and contributors:-
> *Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF
provided
> by activepdf.com*
> *Forums provided by fusetalk.com* :: *ProWorkFlow provided by
> proworkflow.com*
> *Tutorials provided by helmguru.com* :: *Lists hosted by
> gradwell.com*
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 24/08/2004
--
These lists are syncronised with the CFDeveloper forum at
http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF provided
by activepdf.com*
*Forums provided by fusetalk.com* :: *ProWorkFlow provided by
proworkflow.com*
*Tutorials provided by helmguru.com* :: *Lists hosted by
gradwell.com*
To unsubscribe, e-mail: [EMAIL PROTECTED]
--
These lists are syncronised with the CFDeveloper forum at
http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF provided by
activepdf.com*
*Forums provided by fusetalk.com* :: *ProWorkFlow provided by proworkflow.com*
*Tutorials provided by helmguru.com* :: *Lists hosted by gradwell.com*
To unsubscribe, e-mail: [EMAIL PROTECTED]
