In coldfusion: how to remember that a user has logged in?

Question

I have a username/password on a login page, which goes to 'member' page. Basically, I used a statement that finds the number of rows in a SQL query, and if it's not 1 (the correct username/password combination), then it redirects back to the login page.

However, on the 'member' page, there are forms to do various things, like add new rows to a table using SQL, or return queries of joined tables. These forms also link back to this 'member' page, but the conditions for logging in (which requires a username variable and password variable) would no longer be met.

So, how do I get the server to remember whether a user is logged on or not?

Answer 1

In the application.cfm or application.cfc, you will need to enable sessionManagement = true so you can start tracking variables across page requests. Then when a user logs in, you will set a variable like isAuthenticated = true. Only redirect to the login page if the isAuthenticated = false or undefined (you can set a default using cfparam in onSessionStart of Application.cfm)

Rough example, assuming you are using ColdFusion 9+ Application.cfc

component {
    this.name = 'myApplication';
    this.SessionManagement = true;

    public function onSessionStart() {
        param name='session.isAuthenticated' default=false;
    }
}

checkAuthentication.cfm

<cfscript>
if (!session.isAuthenticated) {
    // send to login page
}
</cfscript>

In your login processing page, make sure you set session.isAuthenticated to true, and then it should skip checking / asking for the login. You can also look into the built-in authentication functions of CFLOGIN.

Hope that helps a bit.