WhosOnCFC and secured web sites
This is a post I actually started writing about two months ago and just never got around to finishing. With the release of WhosOnCFC it is a bit more relevant because of the number of people who downloaded it. Most people are probably more or less playing around with it, but if you want to integrate it into your security, it does work rather well.
I will have to admit I am not a huge fan of the ColdFusion-based login. The method I generally use is to set a client-scoped variable to the UserID and default it to zero for an unknown client, i.e., client.userid=0. That way, the first time a client hits my web site it automatically defaults to a guest client. That is handy, but what if the client has logged in before and already has their UserID set? If someone comes back to my site two weeks later it would be nice if I were able to force them to log back in.
WhosOnCFC 1.1.1 makes this easier. WhosOnPageTracker() returns a boolean value by default. If the user is currently being tracked, the function returns true; if not, it returns false, and this is how we will force the user to log back in. In application.cfm I have the code set up like so:
<cfif application.whoson.WhosOnPageTracker(whoson=thisRequest) is 0>
    <cfset client.userid=0>
</cfif>
This means that even if client.userid held a valid value before, a client that is not being tracked (perhaps because their session expired) has their userid forced to zero. At the bottom of application.cfm we have this code:
<cfif client.userid eq 0>
    <cfif FindNoCase("/login.cfm",CGI.SCRIPT_NAME,1) eq 0>
        <cflocation url="/login.cfm" addtoken="no">
    </cfif>
</cfif>
This does two things when the userid is zero. First, it checks that we are not already on the login page, since redirecting from the login page to itself would throw us into an infinite loop. Second, if we are on any other page, it redirects the client to the login page so they can log in properly.
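The two application.cfm snippets above combined into one gate, as an added example that is not code from the original post or from WhosOnCFC. It assumes the login template lives at exactly /login.cfm, and isLoginPage is a hypothetical helper name. It replaces the substring test with an exact comparison, because FindNoCase also exempts any other template whose path merely contains "/login.cfm".

```cfml
<!--- Added example: hardened form of the gate described in the post. --->

<!--- Unknown clients start as guests (the default the post describes). --->
<cfparam name="client.userid" default="0">

<cfscript>
// Hypothetical helper: true only when the request is for the login
// template itself. FindNoCase("/login.cfm", path) is a substring test,
// so it would also exempt a path such as "/reports/login.cfm".
// CompareNoCase returns 0 only when the two strings are equal.
function isLoginPage(scriptName) {
    return CompareNoCase(arguments.scriptName, "/login.cfm") eq 0;
}
</cfscript>

<!--- Not tracked by WhosOnCFC (for example, the session expired):
      demote the client to guest even if client.userid was valid. --->
<cfif not application.whoson.WhosOnPageTracker(whoson=thisRequest)>
    <cfset client.userid = 0>
</cfif>

<!--- Guests may only reach the login page; everything else redirects.
      The login-page exemption prevents a redirect loop. --->
<cfif client.userid eq 0 and not isLoginPage(CGI.SCRIPT_NAME)>
    <cflocation url="/login.cfm" addtoken="no">
</cfif>
```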
Well, I would like to apologize in advance if my post is wandering. I am sick as a dog at the moment; that is my only excuse. I hope this helps anyone trying to get WhosOnCFC worked into their current security scheme. As always, any comments or suggestions are welcome.

