LogOut Issue

Report · Apr 23, 2014

Hi

When i logout from my index Page then Login Page Open but when i click on back button in Browser Then Index Page open. I want once logout then not open other when clik on back button in Browser page like facebook..

I add my code Follow:

Application.cfc

</cfif>

</cfif>

</cflogin>

</cffunction>

</cfcomponent>

index.cfm

<!DOCTYPE html>

<html>

<head>

<title>

Untitled Document

</title>

</head>

<body>

<h3>

Welcome to Photo Gallary.....

</h3>

<a href="logout.cfm">Logout</a>

</body>

</html>

login.cfm

<!DOCTYPE html>

<html>

<head>

<meta

http-equiv="Content-Type" content="text/html"; charset="utf-8"/>

<title>

Untitled Document

</title>

</head>

<body>

<tr>

<td>

User Name:

</td>

<td>

</td>

</tr>

<tr>

<td>

Password:

</td>

<td>

</td>

</tr>

<tr>

<td>

</td>

</tr>

</table>

</cfform>

<cfoutput>#request.errorMessage#</cfoutput>

</p>

</cfif>

</body>

</html>

logout.cfm

Report · Apr 23, 2014

Just 2 things. 1) The login code in onRequest would probably be better placed in onRequestStart. 2) The behaviour you observe is as expected. As a result of the cflocation, the browser thinks the visitor of login.cfm came from index.cfm. Anyway, it is generally considered bad practice to prevent the user from using the browser's back-button to go back. However, if you insist, google disable browser back button and you will find useful Javascript suggestions.

Report · Apr 23, 2014

Only google disable browser back button i can do this ya any other way to solve it? like by using session...In starting assisgn value in session and after logout destroy session like this ,if you have demo then please give me code...

Report · Apr 24, 2014

It is futile to try to control the bowser's back-button from the server. Controlling the behaviour of the browser is, in general, a matter for the browser, not for the ColdFusion server.

Button behaviour and navigation are among the decisions that the browser can make independently of the server. One notable example is that the browser may decide to serve a cached version of a page, rather than make a new trip to the server. So any booby-traps or cunning decoys you set for it would just be for nothing. That is why most developers implement such functionalities in Javascript.

Report · Apr 25, 2014

Hi

I dont want to apply disable browser back button...Have you any other way to solve it?

Report · Apr 26, 2014

As far as I can see, there is not much use in using the browser to prevent a logged out user from going back to index.cfm. This is all about authentication, so I think it is a server issue anyway. I can think of one consistent piece of server logic for that.

It makes sense to display the logout link only if the user is logged in. You could therefore test for this.

You could also check whether the user is already logged in, in deciding whether or not to display the login page. Both tests can be done by means of getAuthUser().

If the user has logged out or is not yet logged in, then getAuthUser() will be an empty string. For a user currently logged in, getAuthUser() returns the value of the name attribute of the cfloginuser tag.

Putting it all together, you should get something like:

</cfif>

</cfif>

</cflogin>

</cffunction>

index.cfm

<!DOCTYPE html>

<html>

etc., etc

<a href="logout.cfm">Logout</a>

</cfif>

</body>

</html>

Report · Apr 27, 2014

Hi,

I add code in my app according you above say for (check whether the user is already logged in, in deciding whether or not to display the login page.).But its not solve my above issue,

Report · Apr 29, 2014

Shraddha Prajapati wrote:
Hi,
I add code in my app according you above say for (check whether the user is already logged in, in deciding whether or not to display the login page.).But its not solve my above issue,

The code is not meant to solve the issue of going from login.cfm to index.cfm using the back-button. It is meant to make the issue irrelevant.

Report · Apr 29, 2014

BKBK wrote:
index.cfm
<!DOCTYPE html>
<html>
etc., etc
<cfif NOT (getAuthUser() is "")>
<a href="logout.cfm">Logout</a>
</cfif>
</body>
</html>

Even better:

index.cfm

<!DOCTYPE html>

<html>

etc., etc

<a href="login.cfm">Login</a>

</cfelse>

<a href="logout.cfm">Logout</a>

</cfif>

</body>

</html>

Report · Apr 29, 2014

Its not work.... I want once logout then not open other Page(Prev Page) , open Login Page ,when clik on back button in Browser , like facebook..

Report · Apr 30, 2014

We are now back to where we started. If you must, you should do it in Javascript.

If you insist on doing it at the server, start by telling the browser not to cache index.cfm (the page you don't want to be opened by back button).

index.cfm

<html>

<head>

</head>

Suppose a user requests index.cfm. If his last requested page is login.cfm, you want ColdFusion to send him back to the login page. Implement that logic in onRequestStart.

</cfif>

</cffunction>

Report · Apr 30, 2014

I got the error:

The web site you are accessing has experienced an unexpected error.
Please contact the website administrator.

The following information is meant for the website developer for debugging purposes.

Error Occurred While Processing Request

The requested scope session has not been enabled.
Before session variables can be used, the session state management system must be enabled using the cfapplication tag.

The error occurred in C:/ColdFusion10/cfusion/wwwroot/demo/demo1/Login3/Application.cfc: line 26
25 :<cfset current_page = listLast(arguments.targetPage, "/")> 26 : <cfif current_page is "index.cfm" and (isDefined("session.pageLastVisited") and session.pageLastVisited is "login.cfm")> 27 : <cflocation url="login.cfm"> 28 : </cfif>

Report · May 01, 2014

What you have to do is clear. Start the Application.cfc file with something like

Report · May 01, 2014

Please confirm what suggestions you have used before asking further questions. It would help the forum give you even better suggestions.

Report · May 01, 2014

Forget this...I am very confused in this...And also its no work....

Plz Give me the code of your demo of login Example, With Applicatio.cfc,login.cfm,index.cfm,logout.cfm Page..(Simple Demo with session and check whether the user is already logged in, in deciding whether or not to display the login page and solve with browser back button)

Report · May 01, 2014

The tips I have given you so far should work. It of course depends on how you implemented them. Could you show us your files: Application.cfc, login.cfm, index.cfm, and logout.cfm.

Report · May 01, 2014

Ok I give you my another login example code:

Application.cfc

component {

this.name="logindemo";

this.sessionManagement="true";

this.sessionTimeOut = createTimeSpan(0,0,0,15);

public boolean function onRequestStart(string req)

{

var append = "";

var togo = "";

//handle an authentication

if(structKeyExists(form, "login") && structKeyExists(form, "username") && structKeyExists(form, "password")) {

if(form.username == "admin" && form.password == "password") {

session.loggedin = true;

if(structKeyExists(session, "requestedurl")) {

togo = session.requestedurl;

structDelete(session, "requestedurl");

location(url=togo, addtoken=false);

}

} else {

append = "?error=1";

}

//force login if not authenticated

if(!session.loggedin && !find("login.cfm", arguments.req)) {

session.requestedurl = arguments.req & "?" & cgi.query_string;

if(!structIsEmpty(form) && !structKeyExists(form, "login")) session.formdata = serializeJSON(form);

location(url='login.cfm#append#',addtoken=false);

}

//Got Form?

if(session.loggedin && structKeyExists(session, "formData") and isJSON(session.formData)) {

structAppend(form,deserializeJSON(session.formData));

structDelete(session, "formData");

}

return true;

}

public void function onSessionStart() {

session.loggedin=false;

}

login.cfm

<h2>Please Login</h2>

<p>Use admin and password for your username and password.</p>

<p>You didn't enter the right credentials!</p>

</cfif>

username: <input type="text" name="username"><br/>

password: <input type="password" name="password"><br/>

</form>

index.cfm

<!DOCTYPE html>

<html>

<head>

<!---<meta http-equiv="cache-control" content="no-cache">

<title>

Untitled Document

</title>

</head>

<body>

<h3>

Welcome to Photo Gallary.....

</h3>

<a href="logout.cfm">Logout</a>

</body>

</html>

logout.cfm

In this Example only one problem ,Browser back button issue....I dont want to disable it(Browser back button)..I want to find other way to solve it ....Once logout and click on Browser back button, then open only login page.....

Report · May 01, 2014

Shraddha Prajapati wrote:
Ok I give you my another login example code:

You have changed to yet another example. This is what I advised you in a previous post to avoid. If you continue to add new parts to the code before correcting the existing code, you will generate a lot of complexity. That will make debugging difficult.

Report · May 01, 2014

You have not implemented the following suggestions I gave you:

1) define the application variables in Application.cfc (For example, I suggested a session timeout of 20 minutes. Your current value of 15 seconds is unrealistic.);

2) use meta tags in index.cfm to prevent caching;

3) use the variable session.pageLastVisited in onRequestStart to prevent the user going back to index.cfm.

Report · May 04, 2014

hi , I apply your above 3 suggestions in my new Demo:

index.cfm

<!DOCTYPE html>

<html>

<head>

<title>

Untitled Document

</title>

</head>

<body>

<h3>

Welcome to Photo Gallary.....

</h3>

<a href="logout.cfm">Logout</a>

</body>

</html>

Application.cfc

component {

this.name="logindemo";

this.datasource = "TestingDataSource";

this.applicationTimeout = "#createTimespan(1,0,0,0)#";

this.sessionManagement="true";

this.sessionTimeOut = createTimeSpan(0,0,0,15);

this.loginStorage = "session";

public boolean function onRequestStart(string req)

{

var append = "";

var togo = "";

var targetPage="";

current_page = listLast(targetPage, "/");

if(current_page is "index.cfm" & (isDefined("session.pageLastVisited") and session.pageLastVisited is "login.cfm"))

{

location(url="login.cfm");

}

session.pageLastVisited = current_page;

//handle an authentication

if(structKeyExists(form, "login") && structKeyExists(form, "username") && structKeyExists(form, "password")) {

if(form.username == "admin" && form.password == "password") {

session.loggedin = true;

if(structKeyExists(session, "requestedurl")) {

togo = session.requestedurl;

structDelete(session, "requestedurl");

location(url=togo, addtoken=false);

}

} else {

append = "?error=1";

}

//force login if not authenticated

if(!session.loggedin && !find("login.cfm", arguments.req)) {

session.requestedurl = arguments.req & "?" & cgi.query_string;

if(!structIsEmpty(form) && !structKeyExists(form, "login")) session.formdata = serializeJSON(form);

location(url='login.cfm#append#',addtoken=false);

}

//Got Form?

if(session.loggedin && structKeyExists(session, "formData") and isJSON(session.formData)) {

structAppend(form,deserializeJSON(session.formData));

structDelete(session, "formData");

}

return true;

}

public void function onSessionStart() {

session.loggedin=false;

}

Report · May 04, 2014

But its not work....

Report · May 05, 2014

Shraddha Prajapati wrote:

this.sessionTimeOut = createTimeSpan(0,0,0,15);

As I said earlier, 15 seconds is impractical. Use 20 minutes, for example.

public boolean function onRequestStart(string req)

{

var append = "";

var togo = "";

var targetPage="";

current_page = listLast(targetPage, "/");

That is inconsistent with the code I gave you, and will of course fail because targetPage is an empty string. The correct code is

public boolean function onRequestStart(string targetPage)

{

var current_page = listLast(arguments.targetPage, "/");

Report · May 05, 2014

Ok.I cange my code above you say...

this.sessionTimeOut = createTimeSpan(0,0,0,20);

public boolean function onRequestStart(string targetPage)

{

var current_page = listLast(arguments.targetPage, "/");

But its not work......

Report · May 05, 2014

Shraddha Prajapati wrote:

Ok.I cange my code above you say...

this.sessionTimeOut = createTimeSpan(0,0,0,20);

That is 20 seconds. Twenty minutes is createTimeSpan(0,0,20,0).

But its not work......

Why does it fail? What are the error messages? Could you please give us some details.

Report · May 05, 2014

Shraddha Prajapati wrote:

if(current_page is "index.cfm" & (isDefined("session.pageLastVisited") and session.pageLastVisited is "login.cfm"))

if(structKeyExists(form, "login") && structKeyExists(form, "username") && structKeyExists(form, "password"))

if(form.username == "admin" && form.password == "password")

if(!session.loggedin && !find("login.cfm", arguments.req))

if(!structIsEmpty(form) && !structKeyExists(form, "login"))

if(session.loggedin && structKeyExists(session, "formData") and isJSON(session.formData))
...

But its not work......

Stay with traditional Coldfusion syntax, and you should be all right.

if(current_page is "index.cfm" AND (isDefined("session.pageLastVisited") and session.pageLastVisited is "login.cfm"))

if(structKeyExists(form, "login") AND structKeyExists(form, "username") AND structKeyExists(form, "password"))

if(form.username EQ "admin" AND form.password EQ "password")

if(NOT session.loggedin AND NOT find("login.cfm", arguments.req))

if(NOT structIsEmpty(form) AND NOT structKeyExists(form, "login"))

if(session.loggedin AND structKeyExists(session, "formData") and isJSON(session.formData))

LogOut Issue

1 Correct answer

The requested scope session has not been enabled.

Photos