<CFLOGIN> Tag - ColdFusion

  <CFLOGIN> Comments from Macromedia LiveDocs

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
Thanks for posting your solution! I added enhancement request 60438 in response to this issue.

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
It would be nice to see - in a future version - a remember me clause built into the login framework.

Also perhaps an emulation facility so someone with a set role i.e. admin can become another user in another role.

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
Well, I've solved it.
I've added login functionaliteit to my application.cfm. When the bot is 'vspider', a login sequence is done for every page. The problem lies (I think) in the fact that a spider does not know or use a session. Therefor the login procedure is not "remembered" and has to be repeated for every page it visites.

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
I have an intranet which authorises user with cflogin

can i use vspider to index the intranet?

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
Both cflogin and cflogout are stored somewhere on the server so that means if that your first login attempt on a username/password combo will use the <cflogin> tag but following attempts using the same username/password combo on either 1) different browser or 2) different machine will bypass the <cflogin> tag.

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
Note for those of us that copy/paste; In the attributes table for <CFLOGIN> on this help page, the idletimeout argument is spelled incorrectly. An "e" is missing.

B.G.

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
Here's a simple CFC for checking to see if a user is in one of several roles:

<!--- code for isUserInRoles.cfc begins here --->
<cfcomponent>
<cffunction name="isUserInRoles" access="public" returntype="boolean">
<cfargument name="roles" type="string" required="true">
<cfscript>
for(i=1;i LTE ListLen(roles);i=i+1){
if (isUserInRole(ListGetAt(roles,i))) {return true;}
}
return false;
</cfscript>
</cffunction>
</cfcomponent>


An example of usage:

<cfset ur = createObject("component","path.to.components.isUserInRoles")>
<cfif ur.isUserInRoles("role1,role2,role3,role4")>
<!--- do something --->
</cfif>

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
Although spelled correctly in the syntax code block, the idletimeout attribute is incorrectly spelled "idletimout" in the Attributes table. (I pasted the contents of the table below.)

(And thanks for all the work you put into CFMX to make it a great product!)

Attributes
Attribute Req/Opt Default Description
idletimout
Optional
1800
Time interval with no keyboard activity after which ColdFusion logs the user off. Seconds.

applicationtoken
Optional
the application name
Unique application identifier. Limits the login scope to an application context, so that logins cannot be created illegally.

cookiedomain
Optional

Domain for which the security cookie is valid.

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
Clarification regarding the cookieDomain attribute:

cookieDomain lets you specify the domain of the cookie that is used to mark a user as logged in. You would use this if you had a cluster with machine names like x.foo.com, x2.foo.com, etc. This lets the cookie work for all machines in the cluster.

Thanks to Ray Camden for this tip.

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
<cflogin> HAS to be in the same function of <cfloginuser> in a cfc to login a user.

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
The first sentences describing this tag above are misleading and incorrect. It states:

"A container for user login and authentication code. ColdFusion checks the user-provided ID and password against a data source, LDAP directory, or other repository of login identification."

That's just not true. ColdFusion does not "check the provided ID and password". This explains some of the confusion people are having with this tag. As it more correctly states later "you put code in the body of the cflogin tag to check the user-provided ID and password against a data source, LDAP directory, or other repository of login identification."

LiveDocs Comments - coldfusion - 6 - CFML_Reference - Tags-pt169.htm
A good suggestion for a future release (maybe next SP) is to add some functionality that can be used to verify user role / user name without having to use the IsUserInRole() or GetAuth(), i.e.: cflogin.roles / cflogin.username. The dependence on IsUserInRole() and GetAuth() causes developers to stray from well-known ColdFusion best practices. For example, IsUserInRole() can not be properly used within a <switch> statement, forcing developers to use multiple <cfif><cfelseif><cfelse> loops, which is not a "best practice".

wow, I talk a lot.... ^_^

Recommended Books COLDFUSION MX Web Application Construction Kit (5th Edition) Authors:   Ben Forta and Nate Weiss 1500 pages [Top] Web Sites Macromedia The makers of ColdFusion/ColdFusion MX. ColdFusion Developer's Journal Forta.com (ColdFusion Section) Ben Forta is Macromedia's Senior Technical Evangelist. Here on his site find useful ColdFusion information. Flash CFM Flash and ColdFusion Development. Handling file uploads without CFFILE BLOG post by "Sam" on REWINDLIFE.COM gives insight into how to upload a file on your site if you are not allowed to use the CFFILE tag. [Top]