Participant
December 3, 2011
Question

How to automatically login a user after the account is provisioned


My application uses cflogin and a loginform.cfm as is often shown for authenticating the user.  I have a form where a new user can register and create an account.  After I create the account, I want the user to already be authenticated and able to use the application.  However, I can't find a way to get this to happen.  The new user is brought to the loginform and asked to enter the username and password.  How can I bypass this step?


BKBK
Community Expert
December 4, 2011

I'll assume you log users in using cflogin and cfloginuser. Then getAuthUser() will contain the user's username. If the user is not logged in, getAuthUser() will return an empty string.

You could therefore use getAuthUser() to prevent ColdFusion from sending a logged-in user to the login form. However, that isn't neat. It in fact suggests your design should be improved.

If you did indeed implement cflogin and cfloginuser the recommended way, then ColdFusion will bypass the cflogin tag when a user is logged in. To implement that part correctly, find the code that sends a user to the login form and place it within the context of the cflogin tag. Also, I would set the loginStorage attribute to "session". That will ensure that the login persists for the duration of the session, while the user navigates from one page to the next.

You did enforce login for a reason. So I'll assume that there are certain pages or parts of your application that you wish to expose only to users who have logged in. For those pages or parts, you could do something like

<cfif getAuthUser() is not "">
    <!--- functionality to expose only to logged-in user --->
</cfif>

wilsonwf1 (Author)
Participant
December 13, 2011

The problem is that the user is not logged in because he's a new user.  getAuthUser returns an empty string.  The new user goes to a form to sign up for an account and enters new user name and password.  I save that in the database.  At this point the user is still NOT logged in but I have his username and password.

Now I could just take the new user to the login screen and have him reenter the username and password and he would be logged in.  But this seems like an extra step.  I want to call the cflogin functions and log the user in WITHOUT going to the login screen and WITHOUT him reentering his username and password.  I want to use the data that he used to create the account to log him in behind the scenes.  But I can figure out how to do that.

BKBK
Community Expert
December 13, 2011

wilsonwf1 wrote:

The problem is that the user is not logged in because he's a new user.  getAuthUser returns an empty string.  The new user goes to a form to sign up for an account and enters new user name and password.  I save that in the database. 

I wouldn't save the information in the database just yet. Not before validating it.

You should do some validation (a check if the username and password meet your requirements) on the action page of the sign-up form. Here are some common requirements:

- username must be longer than 3 characters and shorter than 11

- username for new user may not already occur in the database

- password must only contain alphanumeric characters

- password must be longer than 5 characters and shorter than 11

- neither username nor password may contain <tags>

Naturally, the more secure you wish your site to be, the stricter and more elaborate your requirements should be.

The validation is usually done by means of a function. For example, you simply call the function, passing it the username, password and other user-relevant information. It returns you a struct that contains a status (whether validation successful or not) and a message (where validation failed, for example, the reason why).

If the validation fails, take the user back to the sign-up page. Also, let him know he isn't yet logged in, and the reason.

If the validation succeeds, then do something like this:

<!--- If user is new, then save username, password to database--->
<cfquery>
    insert into user_table ... etc
</cfquery>

<cflogin>
    <!--- If validation successful, log user in --->
    <cfloginuser name=... etc>
    <!--- Ideally, put/include code here that redirects user to login/sign-up page in the case where validation fails --->
</cflogin>

That's all there is to it. The user is now logged in. GetAuthUser will return the user's logged-in name. You should now take user to a page that lets him know he is logged in.

Notice that the code for logging in a returning user is the same as above. The only difference is that you won't have to insert his details again to the database.

I would also suggest you use the setting this.loginStorage="session" (in Application.cfc) or <cfapplication loginStorage="session"> (in Application.cfm). Then, ColdFusion will skip the cflogin tag, and getAuthUser will return the username, for the duration of the session.

[edit: Included more comments in cflogin tag.]
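
The validate, save, then log-in flow described in the thread above, as an added CFML example for the sign-up action page; it is not code from either poster. It applies the listed username and password rules as given, uses cfqueryparam for every value, and stores a salted hash instead of the password (a single SHA-512 pass is shown for brevity; a slow KDF such as PBKDF2 or bcrypt is preferable where available). The datasource, table columns, role and page names are assumptions.

```cfml
<!--- Added example. Assumed names: form.username, form.password, datasource "appDSN",
      table user_table(username, pw_salt, pw_hash), role "user", signup.cfm, welcome.cfm --->
<cffunction name="validateSignup" returntype="struct" output="false">
    <cfargument name="username" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfset var result = {status = false, message = ""}>
    <cfset var existing = "">
    <cfif len(arguments.username) LTE 3 OR len(arguments.username) GTE 11>
        <cfset result.message = "Username must be 4 to 10 characters long.">
    <cfelseif find(chr(60), arguments.username) OR find(chr(62), arguments.username)>
        <cfset result.message = "Username may not contain tags.">
    <cfelseif len(arguments.password) LTE 5 OR len(arguments.password) GTE 11>
        <cfset result.message = "Password must be 6 to 10 characters long.">
    <cfelseif reFind("[^A-Za-z0-9]", arguments.password)>
        <cfset result.message = "Password may contain only letters and digits.">
    <cfelse>
        <cfquery name="existing" datasource="appDSN">
            SELECT username FROM user_table
            WHERE username = <cfqueryparam value="#arguments.username#" cfsqltype="cf_sql_varchar">
        </cfquery>
        <cfif existing.recordCount>
            <cfset result.message = "That username is already taken.">
        <cfelse>
            <cfset result.status = true>
        </cfif>
    </cfif>
    <cfreturn result>
</cffunction>

<cfset check = validateSignup(form.username, form.password)>
<cfif NOT check.status>
    <!--- Validation failed: back to the sign-up form with the reason; nobody is logged in --->
    <cflocation url="signup.cfm?msg=#urlEncodedFormat(check.message)#" addtoken="false">
</cfif>

<!--- Store a random salt and the salted hash, never the password itself --->
<cfset salt = generateSecretKey("AES")>
<cfset pwHash = hash(salt & form.password, "SHA-512")>
<cfquery datasource="appDSN">
    INSERT INTO user_table (username, pw_salt, pw_hash)
    VALUES (<cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar">,
            <cfqueryparam value="#salt#" cfsqltype="cf_sql_varchar">,
            <cfqueryparam value="#pwHash#" cfsqltype="cf_sql_varchar">)
</cfquery>

<cflogin>
    <cfloginuser name="#form.username#" password="#pwHash#" roles="user">
</cflogin>
<cflocation url="welcome.cfm" addtoken="false">
```

A unique constraint on the username column closes the gap between the existence check and the insert when two sign-ups arrive at the same time.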