#1
Weirdness with hyperlinks and cflocation
Hi all,
I created 4 pages all in the same directory.

1. Application.cfm
2. loginForm.cfm
3. loginAction.cfm
4. adminIndex.cfm

The login form sends input data to the action page which checks the inputs against a query. The query joins three tables and fills session structure variables with data. I then check inside the action page with CFOUTPUT to see if the variables were filled and they are. THEN I have a link on the bottom of the page that links to the adminIndex.cfm template. The adminIndex.cfm template will then check to see if the session variables are defined.

Here's the problem: If I use the hyperlink, the variables are NOT defined. Then if I change the link to a CFLOCATION tag the session variables ARE defined! Can someone please explain why this happens? That way I can do it right the first time...

thanks,
Nathan
#2
Look at your cfapplication tag, are you specifying that session cookies be used? I bet you are not. When you do the URL link, your cfid and cftoken are not passed so the application doesn't know what your session is. By default cflocation will pass the id and token, so the application does know which session you have.
__________________
Ask if you have a question, but also help answer questions that you have knowledge of! Thanks, Brian.
#3
You're right... No cookies were set in the App file.
But there are two choices: SetDomainCookies and SetClientCookies. Which is the correct one and why the choice?

Nathan
#4
Both will work, but domain cookies work across multiple servers in a cluster, while the other is server-specific.
#5
An issue one step further...
How can I programmatically get rid of CFID and CFTOKEN on the server once I've deleted the structure in my logout page?
I want to use the ID and TOKEN ONLY while the structure is active, NOT after the structure is deleted. Right now if I save the URL with the ID and TOKEN, I can go directly to that secured page as if I never logged in. This is a bad security risk in secured pages. I also use CFHEADER tags to prevent caching but the saved ID and TOKEN bypass that... Any ideas?

Nathan
#6
You need to handle this yourself by comparing a "logged in time" with the current time, and only letting them back in if they haven't exceeded the timeout period. I believe the cflogin tag does this automatically, or you can handle it yourself if you have your own authentication system.
Note that this would happen on any system that was passing an id to identify the current user and facilitate session management. In other words, it's a general web application issue and not just a CF issue.
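
The check described in post #6, combined with the cookie setting from post #2, as an added example that is not part of the original thread. The application name `adminApp`, the `session.auth` structure, its `loggedInAt` key and the 20-minute limit are assumptions; the page names come from the first post.

```cfml
<!--- Application.cfm (added example, not the poster's code).
      Assumed names: adminApp, session.auth, loggedInAt, maxLoginMinutes. --->
<cfapplication name="adminApp"
               sessionmanagement="yes"
               setclientcookies="yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 20, 0)#">

<cfset maxLoginMinutes = 20>
<!--- Pages that must stay reachable without a login --->
<cfset publicPages = "loginForm.cfm,loginAction.cfm">
<cfset currentPage = ListLast(CGI.SCRIPT_NAME, "/")>

<cfif NOT ListFindNoCase(publicPages, currentPage)>
    <cfset loggedIn = false>
    <cflock scope="session" type="exclusive" timeout="10">
        <cfif StructKeyExists(session, "auth")
              AND StructKeyExists(session.auth, "loggedInAt")>
            <cfif DateDiff("n", session.auth.loggedInAt, Now()) LT maxLoginMinutes>
                <cfset loggedIn = true>
            <cfelse>
                <!--- Login is too old: remove the marker so a saved URL
                      carrying CFID/CFTOKEN no longer opens secured pages --->
                <cfset StructDelete(session, "auth")>
            </cfif>
        </cfif>
    </cflock>
    <cfif NOT loggedIn>
        <!--- addtoken="no" keeps CFID/CFTOKEN out of the redirect URL --->
        <cflocation url="loginForm.cfm" addtoken="no">
    </cfif>
</cfif>

<!--- In loginAction.cfm, after the query confirms the user (assumed placement):
        <cflock scope="session" type="exclusive" timeout="10">
            <cfset session.auth = StructNew()>
            <cfset session.auth.loggedInAt = Now()>
        </cflock>
      In the logout page:
        <cflock scope="session" type="exclusive" timeout="10">
            <cfset StructDelete(session, "auth")>
        </cflock> --->
```

Because every secured request is checked against `session.auth.loggedInAt` on the server, a bookmarked URL that still carries the ID and TOKEN is sent to loginForm.cfm once the marker has been deleted at logout or has aged past the limit.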
Viewing: Dev Shed Forums > Programming Languages - More > ColdFusion Development > Weirdness with hyperlinks and cflocation