A

Anonymous

Question

Logout not fully working right.

Forum|Forum|14 years ago
February 21, 2012
2 replies
1404 views

I have this login form that goes to the application.cfc to make sure the user is in the DB then allows the user to continue to the folder according to the users access privileges. The login works fine and all, but if you hit "logout" which goes to a <cflogout> file and logs the user out as you would except. Here's when the problem begins. When you go to the login screen again WITHOUT closing the browser i can enter anything in the login for and it will log me in. So now the cfc file won't recheck the login information given and allows me to go straight to the folder which i DO NOT want people to view unless the are allowed to.

I have tried to clear the session and the cookies in the browser. One thing i should add is that IF i fully close the browser it will do the login verification again if i launch the login form. I will admit that this is new to me, so any help would be great.

I hope i given everything needed to see my problem and that i have explained it enough.

--------- Login form ------------

<cfoutput>Incorrect login; please try again</cfoutput>

Please Log in.

</cfif>

</td>

</tr>

<tr>

<td>

<font size="-1">Email:</font>

</td>

<td>

<cfinput type="text"

class="textfield"

name="j_UserName"

required="yes"

message="- You must enter your User Name!">

</td>

</tr>

<tr>

<td>

<font size="-1">Password:</font>

</td>

<td>

<cfinput type="password"

class="textfield"

name="j_Password"

required="yes"

message="- You must enter a password!">

</td>

</tr>

<tr>

<td>

</td>

</tr>

</table>

</cfform>

----------- Application.cfc ----------------

SELECT UserEmail, UserPassword, UserRoleID, UserID

FROM UsersAccess

WHERE UserEmail = <cfqueryparam value="#cflogin.Name#" cfsqltype="cf_sql_varchar">

AND UserPassword = <cfqueryparam value="#cflogin.Password#" cfsqltype="cf_sql_varchar">

</cfquery>

<cfloginuser name="#cflogin.name#"

password="#cflogin.password#"

roles="#qLogin.UserRoleID#">

</cfif>

</cfif>

</cflogin>

</cffunction>

</cfcomponent>

-------- Logout form ----------

</cflock>

This topic has been closed for replies.

BKBK

Community Expert

I have one question and two suggestions.

Question: How do you know this: "When you go to the login screen again WITHOUT closing the browser i can enter anything in the login for and it will log me in."?

Suggestions:

(1)

</cfif>

</cflogin>

(2)

A

Anonymous

The answer to your question. When i hit the logout it redirects to the home page of the website, then i hit the link to go to the login page again and enter something like " User: rftyui PW: fgyhujik" it logs in and shows the information i was able to see with the correct login information.

One thing i did notice is that the links in the required login content doesn't have the userID information in the links IF i enter the rubbish info in the login form. Also when i do close the browser and reopen it and go to the login screen and enter the rubbish info it does give me the login error. So for some reason the verification in the CFC file doesn't recheck.

I am using the developer tool addon for FF and IE and it shows when i logout that there's still CFID and CFTOKEN cookies. So the <cfcookie> tag doesn't seem to be deleting them on logout, not sure why though.

BKBK

Community Expert

A quick question: shouldn't you be using loginPage.cfm where you now use index.cfm?

</cfif>

As your code now stands, if the user isn't logged in and doesn't come from the login page, he will be sent to index.cfm. That doesn't seem right. He should get the login form.

A

Anonymous

Before trying to findout solution to your problem i would like to suggest you not to check for DB(authentication proceess to validate user) inside onRequestStart of Application.cfc.

Because this method is to be executed on start of each and every request made which u might not want. Rather create a different component inside which do this DB related stuffs inside a function.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded