Question

I'm seriously considering moving away from CF8 cflogin because it is tied to the server that spawned the login. In a load balanced environment you're stuck with sticky sessions if you don't do a custom implementation.

Does anyone have any source that mimics CFLogin that writes to and is managed from the client scope? Maybe even a design that matches up well with a rename replace on isuserin[any]role.

What should I be thinking about when I consider writing a replacement implementation for CFLogin?

Solution

Here is a basic non-cflogin approach using variables stored in the CLIENT scope. We use a similar approach for non-sticky sessions across our server cluster behind our load balancer.

This code should live in Application.cfc -> onRequestStart() method:

<!--- handle login *post* --->
<cfif structKeyExists(FORM, "pageaction") and FORM.pageAction eq "adminlogin">

    <!--- attempt to log user in; loginSuccessful must be set here by your own credential check --->

    <cfif loginSuccessful>

        <!--- Set client variables for session management --->
        <cfset CLIENT.lastHit = now() />
        <cfset CLIENT.loggedIn = 1 />

        <!--- redirect to home page --->

    <cfelse>

        <!--- redirect to login page with message --->

    </cfif>

<!--- all other requests, except for the login page --->
<cfelseif listLast(CGI.SCRIPT_NAME, "/") neq "login.cfm">

    <!--- Check that the login variables exist, then check for timeout.
          A request with no CLIENT.lastHit (never logged in) falls through to the redirect
          instead of skipping the check. --->
    <cfif structKeyExists(CLIENT, "lastHit") and structKeyExists(CLIENT, "loggedIn") and structKeyExists(COOKIE, "cfid") and structKeyExists(CLIENT, "cfid") and (datediff("n", CLIENT.lastHit, now()) lte 10) and (CLIENT.loggedIn is 1) and (CLIENT.cfid is COOKIE.cfid)>

        <!--- record last hit --->
        <cfset CLIENT.lastHit = now() />

    <cfelse>

        <!--- not logged in or timed out: redirect to login page --->
        <cflocation URL="http://mydomain/login.cfm" addtoken="false" />

    </cfif>

</cfif>

There is user role stuff, but I hope this helps as a starting point.
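
A sketch of the role side the question asks about, as an added example that is not part of the original answer: CLIENT-scope stand-ins for isUserInRole() (all listed roles) and isUserInAnyRole() (at least one). The function names and the CLIENT.roles variable are hypothetical, and the example assumes client storage is a shared datasource rather than cookies, since cookie-backed client variables can be edited by the user.

```cfml
<!--- Added example. Function names and CLIENT.roles are assumptions, not CF built-ins. --->
<!--- Call once after a successful login; the role list comes from your own user store. --->
<cffunction name="clientSetRoles" returntype="void" output="false">
    <cfargument name="roles" type="string" required="true" />
    <!--- CLIENT holds simple values only, so keep a normalized comma list --->
    <cfset CLIENT.roles = reReplace(trim(arguments.roles), "\s*,\s*", ",", "all") />
</cffunction>

<!--- Same conditions onRequestStart() enforces: flag set and last hit within 10 minutes --->
<cffunction name="clientIsLoggedIn" returntype="boolean" output="false">
    <cfreturn structKeyExists(CLIENT, "loggedIn") and structKeyExists(CLIENT, "lastHit")
        and (CLIENT.loggedIn is 1) and (dateDiff("n", CLIENT.lastHit, now()) lte 10) />
</cffunction>

<!--- Shared matcher: requireAll=true needs every role, false needs at least one --->
<cffunction name="clientMatchRoles" returntype="boolean" output="false">
    <cfargument name="roles" type="string" required="true" />
    <cfargument name="requireAll" type="boolean" required="true" />
    <cfset var role = "" />
    <cfset var held = false />
    <!--- fail closed: no login, no stored roles, or an empty request list --->
    <cfif not clientIsLoggedIn() or not structKeyExists(CLIENT, "roles") or listLen(arguments.roles) eq 0>
        <cfreturn false />
    </cfif>
    <cfloop list="#arguments.roles#" index="role">
        <!--- case-insensitive match is a choice made for this example --->
        <cfset held = listFindNoCase(CLIENT.roles, trim(role)) gt 0 />
        <cfif arguments.requireAll and not held>
            <cfreturn false />
        <cfelseif held and not arguments.requireAll>
            <cfreturn true />
        </cfif>
    </cfloop>
    <!--- loop finished: every role matched (requireAll) or none matched (any) --->
    <cfreturn arguments.requireAll />
</cffunction>

<!--- rename/replace target for isUserInRole("a,b") --->
<cffunction name="clientIsUserInRole" returntype="boolean" output="false">
    <cfargument name="roles" type="string" required="true" />
    <cfreturn clientMatchRoles(arguments.roles, true) />
</cffunction>

<!--- rename/replace target for isUserInAnyRole("a,b") --->
<cffunction name="clientIsUserInAnyRole" returntype="boolean" output="false">
    <cfargument name="roles" type="string" required="true" />
    <cfreturn clientMatchRoles(arguments.roles, false) />
</cffunction>
```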

OTHER TIPS

I customized the CF Login Wizard through Dreamweaver to be portable and to use a db table for authentication and role management. Because of this, I can use it either as a single-user login, or multiple account logins. I never have used cflogin and haven't needed to. I just drop the files into the directory, customize the login credentials, and that is it. Works perfect every time.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow