Participating Frequently

Question

How to build Login Based CF Sites? (Session Management Problem IE9)

Forum|Forum|14 years ago
December 29, 2011
3 replies
5806 views

For years I have used one script that I found in a Ben Forte book to build membership-based ColdFusion sites. For some reason this Application.cfc script no longer works in IE9. I can still create login based sites using IE8 and Firefox with this very same script, with no problems. My question is two-fold: 1) Is this the proper way most people are still building membership-based CF sites, and 2) If this way is still acceptable, is there some workaround for IE9.

Overview of Application CFC script:

At each page request the Application.cfc file checks to see if the user is logged in. If true it brings up the requested page. On initial login, this Application.cfc file which sits in the members only folder allows only certain pages to be run, mainly the loginscript page to allow the user to initially get to the members only section. After that, the user can only reach other pages when Session.LoggedIn is true; otherwise they get kicked out to the homepage.

I have left out the DB calls and other info in the CFC file for simplicity here - like I said, this works right now in Firefox and older versions of Internet Explorer.

Application CFC file...

<cfscript>
THIS.name = "TEST";
       THIS.applicationTimeout = createTimeSpan(0,2,0,0);
       THIS.clientmanagement = "yes";
       THIS.loginstorage = "session";
       THIS.sessionmanagement = "yes";
       THIS.sessiontimeout = createTimeSpan(0,2,0,0);
       THIS.setClientCookies = "yes";
       THIS.setDomainCookies = "no";
       THIS.scriptProtect = "all";
</cfscript>

</cfcomponent>

<cfcomponent output="no">
<cfscript>
       THIS.name = "TEST";
       THIS.applicationTimeout = createTimeSpan(0,2,0,0);
       THIS.clientmanagement = "yes";
       THIS.loginstorage = "session";
       THIS.sessionmanagement = "yes";
       THIS.sessiontimeout = createTimeSpan(0,2,0,0);
       THIS.setClientCookies = "yes";
       THIS.setDomainCookies = "no";
       THIS.scriptProtect = "all";
</cfscript>

<cffunction name="onRequestStart" returntype="void" output="no">
<cfif NOT IsDefined("Session.LoggedIn")>
<cfset Session.LoggedIn=False>
</cfif>
<cfif Session.LoggedIn EQ False>
<cfif NOT (CGI.PATH_INFO EQ "/members/loginscript.cfm")>
<cflocation url="[URL to kick person out of members scetion]" addtoken="No">
</cfif>
</cfif>
</cffunction>

</cfcomponent>

This topic has been closed for replies.

A

Anonymous

I have the same problem with IE9. I have found that my sites work perfectly if I use Inprivate Browsing. Inprivate Browsing changes Cookie management in IE9.

I still need a clean solution.

A

Anonymous

Hi,

I know this is an old post, but I am wondering if there is a fix for this. I am running CF9 and having problem maintaining session in some (but not all) IE browsers. I currently use IE11 on windows 7 and it doesn't work for me. I know there is no issue with many other people running IE and there is definitely no problem with Firefox and Chrome. Only solution so far is to use InPrivate browsing as the poster above suggested.

Thanks.

BKBK

Community Expert

You could make the logic neater, like this

<cfscript>
       THIS.name = "TEST";
       THIS.applicationTimeout = createTimeSpan(1,0,0,0);
       THIS.clientmanagement = "yes";
       THIS.loginstorage = "session";
       THIS.sessionmanagement = "yes";
       THIS.sessiontimeout = createTimeSpan(0,0,20,0);
       THIS.setClientCookies = "yes";
       THIS.scriptProtect = "all";
</cfscript>

</cffunction>

</cffunction>

</cfcomponent>

In any case, I miss the code logic that sends the visitor to the login page.

H

hoWIWebAuthor

Participating Frequently

BKBK,

Thanks for the cleaner code, but honestly it didn't work. In Firefox I get a message saying that the page will not resolve. I'll look at it again to see if I missed anything. For what it's worth here is the actual flow of the login process with the script.

Step 1 - User is on homepage (homepage sits in root directory with separate Application.cfc file setup for more public access)

Step 2 - On entering username and pass the login form is called which sits in the members directory (see below) - the simplified Application.cfc file for the members directory is what I wrote above

<cftry>

<cfquery name="login">
SELECT FirstName, Username, Password
FROM table
WHERE Username = <cfqueryparam value="#user#" cfsqltype="cf_sql_varchar" maxlength="12">
</cfquery>

<cfif login.RecordCount EQ 1 AND Hash("#form.Password#") IS login.Password>

<cflocation url="membershomepage.cfm" addtoken="No">

Step 3 - Assuming user/pass match the user is directed to the members only homepage which sits in the same members directory with the new Application.cfc file.

BKBK

Community Expert

There was one vital piece of logic still missing. Take another look at the following extract from Application.cfc

</cfif>

When the uninvited visitor is sent to page_to_kick_person_out_of_members_section.cfm, ColdFusion again includes the code from Application.cfc, as it does for every request. Hence, ColdFusion reruns onRequestStart, redirects the visitor to page_to_kick_person_out_of_members_section.cfm, and the cycle starts all over again. Without any stopping condition, this piece of code will run indefinitely.

Here is one way to prevent the infinite cycle

</cfif>

A

Anonymous

Just to eliminate any possible bug in CF, have you tried to let the Session time out before the Application?

H

hoWIWebAuthor

Participating Frequently

Yes, I have changed the Application to 4 hours and kept the Session at 2 hours. I tried it at 1pm today and was actually able to get in using IE9. Later around 6pm it just hangs when I enter a username and password and hit the submit button. I immediately went to Firefox and login was instantaneous.Went back to IE (closed all browser windows), and it just hangs on login attempt. It has to be something with sessions, cookies, DSN, etc. that makes IE work only once in a while. Firefox works every time.

A

Anonymous

OK. I guess you can confirm that the value of Session.LoggedIn is _ALWAYS_ False if you test for it in the loginscript.cfm file with eg.

<cfoutput> #Session.LoggedIn# </cfoutput> and _BEFORE_ the user/pass has been verified or not.

I also presume that once you are inside this script and the user/pass is correct, #Session.LoggedIn# changes to True ?

And again I guess you have tested it with a similar <cfoutput> #Session.LoggedIn# </cfoutput> entry to verify this?

Also , if the user/pass is invalid, #Session.LoggedIn# remains False. This runs perfect in Firefox, yes ?

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded