|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
October 19th, 2005, 12:30 PM
|
|||
|
|||
|
cflogin and sessionTimeout Flash + CF
[I'll try to be as straight as I can]
I'm developing a rich internet application which uses coldfusion on the server side and flash with remoting as the frontend. The coldfusion application is made of a few cfc components, and most of the methods use roles attribute as users filter: Code:
<cfcomponent displayname="..." hint="...">
<cffunction name="..." roles="user,admin" access="remote" returntype="any">
<!--- method body --->
</cfunction>
</cfcomponent>
The Application.cfm contains this code (cflogin is used mainly for flash authentication): Code:
<cfapplication
name = "application_name"
clientManagement = "yes"
sessionManagement = "yes"
setClientCookies = "yes"
loginstorage = "session"
sessionTimeout = #CreateTimeSpan(0,0,0,5)#
applicationTimeout = #CreateTimeSpan(0,2,0,0)#
/>
<cflock scope="application" type="exclusive" timeout="20">
<cfset Application.dsn = "datasource_name" />
</cflock>
<cflogin>
<cfif isDefined("cflogin")>
<cfquery datasource="#application.dsn#" name="LoginUser">
SELECT * FROM users WHERE username = '#cflogin.name#' AND password = '#cflogin.password#'
</cfquery>
<cfif LoginUser.RecordCount>
<cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="#LoginUser.role#">
</cfif>
</cfif>
</cflogin>
The login inside flash uses the "setCredentials" method of the Service class, which fires the login routine inside the Application.cfm. The application eventually use getAuthUser() inside cfc methods. The facts: - I can login successfully through flash, and invoke remotely the cfc methods. If a user is trying to access a method with the wrong role, I get the error message as expected. - Every time I use getAuthUser() inside cfc methods, I find the authenticated user as expected - If I refresh the flash application, user is still logged in as expected until the sessionTimeout (nearly). The problem: - If I open a test.cfm page, after login, with just a Code:
<cfoutput>#getAuthUser()#</cfoutput> <cfdump var="#session#"> I can see the username (is it expected?) and the cfauthorization attribute in the session struct - After the time setted in the sessionTimeout (or something similar, it's never exactly the same), refreshing test.cfm I'm not getting the username and the cfauthorization attribute anymore (as expected), BUT from flash I can still invoke remote methods (thus I'm still logged), and getAuthUser inside cfc functions is still returning the user username - If after invoking a method from flash I refresh the test.cfm page again, I can see the user username back - After some time of inactivity from flash, finally the session ends for it too (I receive the "not authorized" error) What is going on? Why the session ends for the external page but not for flash? How can I synchronize them? Thanks!
|
|
#2
October 22nd, 2005, 04:58 PM
|
|||
|
|||
|
I've never messed with this sort of thing so I'm afraid I can't help much. You might try asking the folks at www.asfusion.com.
__________________
Ask if you have a question, but also help answer questions that you have knowledge of! Thanks, Brian. How to Post a Question in the Forums
|
|
#3
October 24th, 2005, 02:43 AM
|
|||
|
|||
|
Quote:
Thanks anyway, kiteless, I'll follow your suggestion. Cheers!
|
|
| Viewing: Dev Shed Forums > Programming Languages - More > ColdFusion Development > cflogin and sessionTimeout Flash + CF |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
