January 5, 2009
Question

Cookies and cflogin

  • 14 replies
  • 2086 views
I have no idea what the issue is because sometimes this works and sometimes it doesn't....

I have all my session management code in the Application.cfm file and I let users revisit pages without logging in if they have cookies enabled. However, I also clear those cookies when they log out and also use the cflogout tag.

If the cookies have been cleared the user should not be able to log in again unless they use a form, but for some strange reason ColdFusion is letting users do that even after cookies are cleared and cflogout.... ??????
    This topic has been closed for replies.


    January 27, 2009
    Randy, try StructDelete instead of struct clear on your application and session variables. I used that in my logout.cfm and it finally worked.
    RLS
    Inspiring
    January 27, 2009
    Thanks for the suggestion, but, alas, no go. Now, the only variables I deleted were SESSION.getauthuser and APPLICATION.getauthuser, but at the end of the login routine I did do a cfdump of everything, as shown below (before and after) and there is NOTHING there. All are empty. Yet, when I went back up to the URL and called up the site, then went to my login page, I was instead directed to my account as I was already logged in.

    This makes no sense to me. Could there be an auto-login from my browser, perhaps? But those usually just fill in the blanks on the login form and wait for you to hit submit...

    Still perplexed.
    RLS

    Inspiring
    January 27, 2009
    RLS wrote:
    >
    > This makes no sense to me. Could there be an auto-login from my browser,
    > perhaps? But those usually just fill in the blanks on the login form and wait
    > for you to hit submit...
    >
    > Still perplexed.
    > RLS
    >

    I have occasionally been following this thread, so forgive me if I have
    overlooked something. But everything I have read leads me to think that
    you may have code accessing different scopes. This would be caused by
    templates being run under different application names.

    At the top of every template output the CFID and CFTOKEN values. If
    these values never change then I am probably wrong. But if they are
    different on your logout page than your login page, then different parts
    of your application are accessing different application and|or session
    scopes.

    January 19, 2009
    That was it. Thanks!!!
    RLS
    Inspiring
    January 27, 2009
    I followed this topic through to the end and see that I was doing everything except the cookie clear. I added the clearing of cookies CFID and CFTOKEN to no avail. I can still LOGOUT, then when I return to where I should get a login screen, I instead see that I'm still logged in. I tested the variables with cfdumps during the logout, and it says that my Session and Application are completely cleared.

    So how in the world is it that I'm still logged in?

    I am so completely baffled...
    BKBK
    Community Expert
    January 15, 2009
    I suppose ColdFusion still counts an empty cookie as a cookie. What if you use the combination

    <cfset isLoginCookieDeleted = StructDelete(cookie, "ffc_login")>
    <cfset isPwCookieDeleted = StructDelete(cookie, "ffc_password")>
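A logout template that combines the suggestions made in this thread (printing CFID and CFTOKEN, cflogout, removing the ffc_login and ffc_password cookies, clearing session data), as an added example that is not code from any poster. It assumes the template runs under the same Application.cfm as the login code and that sessions are enabled; the login.cfm link is hypothetical, and expiring the cookies with cfcookie is this example's choice, not something the thread tested.

```cfml
<!--- logout.cfm (added example, not from the thread).
      Assumption: this file sits under the same Application.cfm, and so the
      same application name, as the templates that perform the login. --->

<!--- Diagnostic from the thread: print these on the login page as well.
      If the values differ between the two pages, the pages are running
      under different application or session scopes. --->
<cfoutput>
  <p>app=#application.applicationName#
     CFID=#session.CFID# CFTOKEN=#session.CFTOKEN#</p>
</cfoutput>

<!--- End the cflogin authentication for this application. --->
<cflogout>

<!--- Ask the browser to discard the cookies named in the thread.
      StructDelete(cookie, ...) changes only the server-side cookie scope
      of the current request; an expired cfcookie is sent to the browser.
      If the cookies were originally set with domain or path attributes,
      repeat the same attributes here. --->
<cfcookie name="ffc_login" value="" expires="now">
<cfcookie name="ffc_password" value="" expires="now">
<cfset StructDelete(cookie, "ffc_login")>
<cfset StructDelete(cookie, "ffc_password")>

<!--- Remove application data from the session, keeping the identifiers
      ColdFusion itself stores there. --->
<cfset builtIn = "cfid,cftoken,sessionid,urltoken">
<cflock scope="session" type="exclusive" timeout="10">
  <cfloop list="#StructKeyList(session)#" index="key">
    <cfif NOT ListFindNoCase(builtIn, key)>
      <cfset StructDelete(session, key)>
    </cfif>
  </cfloop>
</cflock>

<!--- Verify the result in this same request before leaving the page. --->
<cfoutput>
  <p>GetAuthUser() is now "#GetAuthUser()#"</p>
  <p>ffc_login cookie present: #StructKeyExists(cookie, "ffc_login")#</p>
</cfoutput>

<!--- Hypothetical link target; a plain link keeps the diagnostics visible. --->
<p><a href="login.cfm">Log in again</a></p>
```

If the login page still reports a logged-in user after this runs, compare the printed application name, CFID and CFTOKEN on both pages, then check the browser's cookie list for ffc_login and ffc_password.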




    January 13, 2009
    Please can someone help out with this? You see all the code. I can log in and browse, click logout, and then log back in without being presented a form. This is not correct. If a user clicks logout the cookies are cleared and I used <cfset clear_them = StructClear(SESSION)> to clear the session variables.

    Is there anything else I can try? The logic seems accurate. I should be presented with a new login form after clicking logout.
    January 8, 2009
    I really don't understand this.

    Now the Struct statement works error free. However, after clearing the cookies and clearing the session variables and cflogout, I can still go right back into the site without logging in and that's not right.

    I don't get it.
    January 7, 2009
    Would it matter if cflogout was above the other code?
    January 7, 2009
    same dir

    Inspiring
    January 7, 2009
    idesdema wrote:
    > Sessions (session variables) are enabled as I use them throughout the application.
    >
    > Something is wrong with the struct statement.
    >
    > This should be really easy and it's driving me kabonkers.

    Or something is wrong with your session scope.

    Here is an off-the-wall question. Where is this logout template in
    relation to your application.cfm|.cfc file in your web site directory
    structure?

    January 7, 2009
    Sessions (session variables) are enabled as I use them throughout the application.

    Something is wrong with the struct statement.

    This should be really easy and it's driving me kabonkers.
    BKBK
    Community Expert
    January 7, 2009
    > Variable SESSION is undefined.

    Doesn't sound good. You should enable sessions in the ColdFusion Administrator and in the Application file.