Securing Coldfusion application using cflogin

  • Blackmore
    New Member
    • Mar 2007
    • 25

    Securing Coldfusion application using cflogin

    Following the guidance contained in Dreamweaver, I have declared a cflogin tag in the application.cfc file. This declaration contains an idletimeout setting of 10 seconds (N.B. 10 seconds for development purposes only).

    [CODE=cfm]
    <cflogin idletimeout="10">

    <!--- No cflogin structure on this request: show the login form --->
    <cfif Not IsDefined("cflogin")>
    <cfinclude template="./loginform.cfm">
    <cfelse>
    {Authorisation functions}
    </cfif>

    </cflogin>
    [/CODE]

    I intended that the application return to the loginform when ColdFusion times out the user's login session (after 10 seconds defined via idletimeout). This is not happening and I would like to understand why.

    If I request a page within the idletimeout period, the <cflogin> tag is ignored, as expected, and the GetAuthUser identity is defined as expected.

    If I request a page after the idletimeout period, the <cflogin> tag is invoked, as expected, and the GetAuthUser identity is not defined, as expected. However, the cflogin.name and cflogin.password are still defined so the function simply logs me in again. Ideally, I would like the function to revert to the loginform.

    I do not quite understand the cflogin structure, as I do not actually define it anywhere. I am using the cflogin structure as this is declared in the Dreamweaver guidance and it works!

    Am I doing something wrong here and if so what should I do instead?

    Regards

    Blackmore
    Last edited by acoder; Sep 1 '07, 11:11 AM. Reason: fixed code tag
  • acoder
    Recognized Expert MVP
    • Nov 2006
    • 16032

    #2
    Which version of Coldfusion are you using?

    What does your cfapplication tag look like?

    Also, what is the sessionTimeout setting?


    • Blackmore
      New Member
      • Mar 2007
      • 25

      #3
      I am using Coldfusion MX7.

      The sessiontimeout value is set at 10 seconds, but it is not set within a cfapplication tag. I've set it in the application.cfc, i.e.

      Code:
      <cfcomponent>
        <cfset this.sessiontimeout="#createtimespan(0,0,0,10)#">
      </cfcomponent>

      One question you might be able to answer:
      What is the scope of the cflogin structure? Is the lifetime of the cflogin structure defined by the sessiontimeout or the cflogin idletimeout value?

      Regards

      Blackmore


      • acoder
        Recognized Expert MVP
        • Nov 2006
        • 16032

        #4
        Originally posted by Blackmore
        One question you might be able to answer
        What is the scope of the cflogin structure? Is the lifetime of the cflogin structure defined by the sessiontimeout or the cflogin idletimeout value?
        See if this link helps.

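A fuller Application.cfc for the setup discussed in this thread, as an added example that is not code from any of the posters. It relies on the fact that ColdFusion builds the cflogin structure from credentials carried by the current request (the j_username and j_password form fields, or an HTTP Authorization header), so a request that resends credentials after the idle timeout still reaches the login branch. The application name, the "appDSN" datasource, the users table and the validateUser helper are assumptions made for the example.

```cfml
<cfcomponent output="false">
  <cfset this.name = "secureDemo"> <!--- hypothetical application name --->
  <cfset this.sessionManagement = true>
  <cfset this.sessionTimeout = createTimeSpan(0,0,20,0)>
  <!--- Tie login state to the session rather than a separate cookie --->
  <cfset this.loginStorage = "session">

  <cffunction name="onRequestStart" returntype="boolean" output="true">
    <cfargument name="targetPage" type="string" required="true">
    <!--- The cflogin body runs only when no user is currently logged in;
          idletimeout is in seconds and matches the session timeout above --->
    <cflogin idletimeout="1200">
      <!--- The cflogin struct exists only when THIS request carries credentials
            (j_username/j_password form fields or an Authorization header) --->
      <cfif isDefined("cflogin") AND validateUser(cflogin.name, cflogin.password)>
        <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="user">
      <cfelse>
        <!--- No credentials, or bad ones: show the form and stop the request --->
        <cfinclude template="loginform.cfm">
        <cfabort>
      </cfif>
    </cflogin>
    <cfreturn true>
  </cffunction>

  <!--- Hypothetical check against an assumed "users" table in datasource "appDSN" --->
  <cffunction name="validateUser" access="private" returntype="boolean" output="false">
    <cfargument name="name" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfset var q = "">
    <cfquery name="q" datasource="appDSN">
      SELECT salt, password_hash FROM users
      WHERE username = <cfqueryparam value="#arguments.name#" cfsqltype="cf_sql_varchar">
    </cfquery>
    <cfif q.recordCount NEQ 1>
      <cfreturn false>
    </cfif>
    <!--- Salted SHA-256 keeps the example short; prefer a slow password hash --->
    <cfreturn compareNoCase(q.password_hash, hash(q.salt & arguments.password, "SHA-256")) EQ 0>
  </cffunction>
</cfcomponent>
```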