473,326 Members | 2,111 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Securing Coldfusion application using cflogin

Following the guidance contained in Dreamweaver, I have declared a cflogin tag in the application.cfc file. This declaration contains an idletimeout setting of 10 seconds (N.B. 10 seconds for development purposes only).

Expand|Select|Wrap|Line Numbers
  1.  
  2. <cflogin idletimeout="10">
  3.  
  4.     <cfif Not IsDefined("cflogin")>
  5.         <cfinclude template="./loginform.cfm">
  6.     <cfelse>
  7.         {Authorisation functions}
  8.     </cfif>
  9.  
  10. </cflogin>
  11.  
I intended that the application return to the loginform when Coldfusion times out the users login session (after 10 seconds defined via idletimeout). This is not happenning and I would like to understand why.

If I request a page within the idletimeout period, the <cflogin> tag is ignored, as expected, and the GetAuthUser identity is defined as expected.

If I request a page after the idletimeout period, the <cflogin> tag is invoked, as expected, and the GetAuthUser identity is not defined, as expected. However, the cflogin.name and cflogin.pasword are still defined so the function simply logs me in again. Ideally, I would like the function to revert to the loginform.

I do not quite understand the cflogin structure, as I do not actually define it anywhere. I am using the cflogin structure as this is declared in the Dreamweaver guidance and it works!

Am I doing something wrong here and if so what should I do instead?

Regards

Blackmore
Aug 31 '07 #1
3 6439
acoder
16,027 Expert Mod 8TB
Which version of Coldfusion are you using?

What does your cfapplication tag look like?

Also, what is the sessionTimeout setting?
Sep 1 '07 #2
I am using Coldfusion MX7.

The sessiontimeout value is set at 10 seconds, but it is not set within a cfapplication tag. I've set it in the application.cfc.
i.e.

Expand|Select|Wrap|Line Numbers
  1. <cfcomponent>
  2.   <cfset this.sessiontimeout="#createtimespan(0,0,0,10)#" >
  3. <cfcomponent>
One question you might be able to answer
What is the scope of the cflogin structure? Is the lifetime of the cflogin structure defined by the sessiontimeout or the cflogin idletimeout value?

Regards

Blackmore
Sep 4 '07 #3
acoder
16,027 Expert Mod 8TB
One question you might be able to answer
What is the scope of the cflogin structure? Is the lifetime of the cflogin structure defined by the sessiontimeout or the cflogin idletimeout value?
See if this link helps.
Sep 4 '07 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

11
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice...
1
by: Scott McChesney | last post by:
Folks - We are running around and around here on a project we're developing, and I'm getting to the point that I don't know what I do and don't know. So I need some assistance. We are...
4
by: William Fields | last post by:
Hello, I'm trying to find out more information about ColdFusion and could not find what I'm looking for on Macromedia's website. My question has more to do with what ColdFusion is and how web...
2
by: am_pcguy | last post by:
I have a web based application for my company. We use Coldfusion, I wanted to see if I could use Javascript to make the page a bit more dynamic. Right now I use the command: <cfhttp...
0
by: cetram | last post by:
Hello! I'm trying to fix an appliaction created using ColdFusion MX and Oracle 9i. The application worked fine until our IT department reinstalled the oracle server. As far as I've been able to...
3
by: sj3vans | last post by:
I'm trying to integrate a ColdFusion application with a webAPI provided by another company to access their services. Their requirements are that requests should be generated using standard HTTP...
1
by: marcnz | last post by:
I have been charged of creating a coldfusion web site for our company. Our database has a ms sql 2005 backend and ms access frontend. Almost all tables are linked tables with the SQL database,...
10
by: Les Desser | last post by:
In article <fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes Not sure if I quite follow that. 1....
7
by: SAL | last post by:
Hopefully someone will have a clue as to what is happening here. In our office, we have both ColdFusion and ASP.NET applications. One of our new developers has been installing ColdFusion 8 on the...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.