Login problem

[vchris]

The only thing accessible on the site I'm working on is a login page. So I have login_e.cfm and Application.cfm and then a secure folder called secure that contains the site and another Application.cfm.My problem is that when I log in with the correct info, the login page reloads and if I refresh the page or click login again without any info in the fields, I'm redirected to the secure folder and I'm logged in. For some reason I have to reclick or refresh the page myself. Same thing happens on logout. I have to reclick the logout button.I have a session variable called LoggedIn. By default it's 0 and when the user is logged in it's 1. Login_e.cfm

<cfif isDefined('form.login')>	  <cfif len(form.uname) gt 0 AND len(form.pword) gt 0>		<cfif form.uname eq 'a' AND form.pword eq 'b'>			<cfset Session.LoggedIn = 1>		</cfif>		<h3>Loggin unsuccessful</h3>	<cfelse>		<h3>Username and password are required.</h3>	</cfif>  </cfif>

Public Application.cfm

<cfapplication name="PRTRSite" sessionmanagement="yes" sessiontimeout="10" clientmanagement="no"><cflock type="exclusive" scope="session" timeout="10">	<cfparam name="Session.LoggedIn" default="0"></cflock><cfif Session.LoggedIn eq 1>	<cflocation url="secure/index_e.cfm"></cfif>

Private Application.cfm

<cfapplication name="PRTRSite" sessionmanagement="yes" sessiontimeout="10" clientmanagement="no"><cflock type="exclusive" scope="session" timeout="10">	<cfparam name="Session.LoggedIn" default="0"></cflock><cfif Session.LoggedIn eq 0>	<cflocation url="../login_e.cfm"></cfif>

Do I have to redirect myself? Won't Application.cfm do it automatically?

[Skemcin]

Why do you need two seperate application.cfm pages?In any case, try using client side redirects - use javascript instead of the cflocation - see if that makes a difference. My guess would be that the cflocation is never giving the client a chance to register itself as being logged in - I only use cflocation with 301 redirects - everything else I waste the bandwidth and go back to the client so I know anything I have defined on that page prior to the redirect will hold.OLD

<cfif Session.LoggedIn eq 0>	<cflocation url="../login_e.cfm"></cfif>

NEW

<cfif Session.LoggedIn eq 0><script language="javascript" type="text/javascript">// alert('Optional Alert Message.\nClick OK to Continue.');document.location="../login_e.cfm";</script></cfif>

[vchris]

I'm testing the development site on the live server and it seems like I can't login. I get a CF error but I was able to login on the dev server. I only have 1 application.cfm now.

An error occurred while evaluating the expression: Session.allowin="true"Error near line 18, column 9.Symbol Session.allowin is in a scope that contains data shared across threads and cannot be accessed without an active lockThe error occurred while processing an element with a general identifier of (CFSET), occupying document position (18:3) to (18:32) in the template file /magma/users/u40/environ/public_html/PRTR/validate_e.cfm.Date/Time: Wed Dec 20 14:15:41 2006Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1Remote Address: 199.212.18.131

Application.cfm

<cfapplication sessionmanagement="Yes" sessiontimeout="10" name="prtr" clientmanagement="No"><cflock type="EXCLUSIVE" scope="SESSION" timeout="10"><cfparam name="Session.UserName" default=""><cfparam name="Session.LoggedIn" default="0"><cfparam name="Session.UserType" default=""><cfparam name="session.allowin" default="false"></cflock><cfif session.allowin neq "true">	<cflocation url="index_e.cfm" addtoken="no">	<cfabort>	<cfelse>		<form name="loginform" action="validate_e.cfm" method="get"><input type="hidden" name="user_required" value="Please input a Username"><input type="hidden" name="pass_required" value="Please input a Password"><p>Username: <input type="text" name="user"></p><p>Password: <input type="password" name="pass"></p><p><input type="submit" value="Submit" name="loginsubmit"></p></form></cfif>

[Skemcin]

try using:#createtimespan(0,0,2,0)#for your sessiontimeout attribute in your <cfapplication> tag. That would be days, hours, minutes, seconds.Then, try it without the cflock, too.See if that helps.

<cfapplication sessionmanagement="Yes" sessiontimeout="#createtimespan(0,0,10,0)#" name="prtr" clientmanagement="No"><cfparam name="Session.UserName" default=""><cfparam name="Session.LoggedIn" default="0"><cfparam name="Session.UserType" default=""><cfparam name="session.allowin" default="false"><cfif session.allowin neq "true">	<cflocation url="index_e.cfm" addtoken="no">	<cfabort>	<cfelse>		<form name="loginform" action="validate_e.cfm" method="get"><input type="hidden" name="user_required" value="Please input a Username"><input type="hidden" name="pass_required" value="Please input a Password"><p>Username: <input type="text" name="user"></p><p>Password: <input type="password" name="pass"></p><p><input type="submit" value="Submit" name="loginsubmit"></p></form></cfif>

[vchris]

Doesn't seem to work. I think the live server has different settings on it...

[Skemcin]

Try a couple of these solutions:http://www.google.com/search?q=is+in+a+sco...+an+active+lock

[vchris]

Seems like the web server uses Allaire ColdFusion. I never heard of that version before.

[Skemcin]

Seems like the web server uses Allaire ColdFusion. I never heard of that version before.

Sorry - busy week - anyway - Allaire - omg, too funny.Allaire is the last name of the original creators of the ColdFusion technology. Since then, its been bought out by Macromedia and Adobe - that is a total of 4 server versions. If it says Allaire - it is old (no offensive to Jeremy and JJ Allaire). So, is it version 3, most of the world is on version 7.0.2.

[vchris]

Must be. This week we tried using a method using cookies for the login that we found on their website FAQ and it didn't even work... You know how PHP can be set to a certain version in a control panel, well can CF be set the same way? Maybe it's still set to version Allaire but in fact version 6 or 7 is available. We still don't have access to the CP since only 2 people have access to it and 1 is gone for a couple years and another is gone to a French course and is hard to contact. Anyway I don't care, I'm gone for a week

[Skemcin]

Must be. This week we tried using a method using cookies for the login that we found on their website FAQ and it didn't even work... You know how PHP can be set to a certain version in a control panel, well can CF be set the same way? Maybe it's still set to version Allaire but in fact version 6 or 7 is available. We still don't have access to the CP since only 2 people have access to it and 1 is gone for a couple years and another is gone to a French course and is hard to contact. Anyway I don't care, I'm gone for a week

just do this on a page:<cfdump var="#server#">That will tell you everything (and a little more) than you need to know.

[vchris]

just do this on a page:<cfdump var="#server#">That will tell you everything (and a little more) than you need to know.

Is there other variables for cfdump? Is there one to view all data sources?

[Skemcin]

Hi,You can dump any scope:<cfdump var="#cgi#"><cfdump var="#cookie#"><cfdump var="#session#"><cfdump var="#form#"><cfdump var="#url#"><cfdump var="#server#"><cfdump var="#application#"><cfdump var="#request#"><cfdump var="#variables#"><cfdump var="#qryYourQueryName#">etc.But, I do not think any of those will return available datasources - those would have to be obtained from the ColdFusion Administrator - at least as far as I know.