Re: [ cf-dev ] session time out and security

Tue, 31 Aug 2004 07:54:16 -0700 

I fixed the problem.

I stuck in a cfinclude to a file that sets the session variables and it gets run after the authentication code.

scenario now is:

User bookmarks non-login page
Tries to access it, gets refered to login
Logs in, gets sent back to page
cfinclude file sets variables
sorted!


----- Original Message ----- From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 31, 2004 10:37 AM
Subject: Re: [ cf-dev ] session time out and security



Show us the code that's in login_process.cfm. It sounds like there's
something that's passing the CGI.HTTP_REFERER from index.cfm to
login_process.cfm, then redirecting there before you're setting the session
variables (unless I'm misunderstanding your login process).





"Jenny"
<[EMAIL PROTECTED] To: <[EMAIL PROTECTED]>
place.org> cc:
Subject: Re: [ cf-dev ] session time out and security
30/08/2004
18:21
Please respond
to dev





Hi Duncan,

Files:
1. index.cfm containing login
2. login_process.cfm processed after login and sets session variables
3. *.cfm any other file on the system with security check

normal process, 1, 2, 3
what's happening, 1, 3 - splatt

reason for splatt:
session times out or user bookmarks any other file on the system apart from

index.cfm
comes back and tries to login
CF tries to be over helpful and after sending user to login page then
returns them to 3 and bypasses 2.

sooo .. i need to stop CF passing the user straight back to 3 from 1 and
make sure they go through 2 first.

Hope that explains it!

Jenny


----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 30, 2004 2:49 PM
Subject: Re: [ cf-dev ] session time out and security



so there's two pages: login_process.cfm and process.cfm?  Can you include
the session variable stuff from process.cfm into login_process.cfm?





                   "Jenny"
                   <[EMAIL PROTECTED]        To:
<[EMAIL PROTECTED]>
                   place.org>             cc:
                                          Subject:     Re: [ cf-dev ]
session time out and security
                   30/08/2004
                   14:15
                   Please respond
                   to dev





Hi Duncan,

The login_process.cam is acted on from the login page.

Trouble happens when a user book marks other pages in the site that have
security set and require variables to run.  They try to return directly
to
the page, the security sends them to login page, then when they log in
the 
process.cfm page is skipped and none of the variables are set.

Jenny



----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 30, 2004 12:13 PM
Subject: Re: [ cf-dev ] session time out and security



so the login form has action="process.cfm", right? is there some code
in 
process.cfm that is redirecting before the session variables are set?





                   "Jenny"
                   <[EMAIL PROTECTED]        To:
<[EMAIL PROTECTED]>
                   place.org>             cc:
                                          Subject:     [ cf-dev ]
session 

time out and security
                   30/08/2004
                   11:18
                   Please respond
                   to dev






Hi all,

Got a problem with the above.  Scenario is:

standard login: login on front page of site refers using to a process
cfm 
which checks for further access rights and sets up a load of needed
session
variables.

messed up login:  user bookmarks secure page, security bungs them out to
the home page to login, they log in and then get directed by the default
security to their bookmarked page, skipping the process cfm and it
errors 
cos needed session variables haven't been set.

I've been through the docs a few hundred times, but can't see a
solution. 

Anyone have any ideas please?

Jenny



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 24/08/2004




--
These lists are syncronised with the CFDeveloper forum at
http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF
provided 
by activepdf.com*
     *Forums provided by fusetalk.com* :: *ProWorkFlow provided by
proworkflow.com*
          *Tutorials provided by helmguru.com* :: *Lists hosted by
gradwell.com*

To unsubscribe, e-mail: [EMAIL PROTECTED]




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 24/08/2004



--
These lists are syncronised with the CFDeveloper forum at
http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF
provided 
by activepdf.com*
     *Forums provided by fusetalk.com* :: *ProWorkFlow provided by
proworkflow.com*
          *Tutorials provided by helmguru.com* :: *Lists hosted by
gradwell.com*

To unsubscribe, e-mail: [EMAIL PROTECTED]






--
These lists are syncronised with the CFDeveloper forum at
http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF
provided 
by activepdf.com*
     *Forums provided by fusetalk.com* :: *ProWorkFlow provided by
proworkflow.com*
          *Tutorials provided by helmguru.com* :: *Lists hosted by
gradwell.com*

To unsubscribe, e-mail: [EMAIL PROTECTED]




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 24/08/2004



--
These lists are syncronised with the CFDeveloper forum at
http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF provided
by activepdf.com*
     *Forums provided by fusetalk.com* :: *ProWorkFlow provided by
proworkflow.com*
          *Tutorials provided by helmguru.com* :: *Lists hosted by
gradwell.com*

To unsubscribe, e-mail: [EMAIL PROTECTED]






--
These lists are syncronised with the CFDeveloper forum at http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF provided by activepdf.com*
*Forums provided by fusetalk.com* :: *ProWorkFlow provided by proworkflow.com*
*Tutorials provided by helmguru.com* :: *Lists hosted by gradwell.com*

To unsubscribe, e-mail: [EMAIL PROTECTED]




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 24/08/2004 



--
These lists are syncronised with the CFDeveloper forum at 
http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF provided by 
activepdf.com*
     *Forums provided by fusetalk.com* :: *ProWorkFlow provided by proworkflow.com*
          *Tutorials provided by helmguru.com* :: *Lists hosted by gradwell.com*

To unsubscribe, e-mail: [EMAIL PROTECTED]

Reply via email to