cflogin

<cflogin
  idletimeout = "value"
  applicationToken = "token"
  cookieDomain = "domain"
  ...
  <cfloginuser
    name = "name"
    password = "password-string"
    roles = "roles">
  ...>
</cflogin>

<cflogin>
  <cfloginuser 
    name  = "foo"
    password ="bar"
    roles = "admin">
</cflogin>
<cfoutput>Authorized user: #getAuthUser()#</cfoutput>
<cflogout>
<cfoutput>Authorized user: #getAuthUser()#</cfoutput>

Comments

Jon(Xnext) said on Aug 28, 2002 at 4:44 PM :

A good suggestion for a future release (maybe next SP) is to add some functionality that can be used to verify user role / user name without having to use the IsUserInRole() or GetAuth(), i.e.: cflogin.roles / cflogin.username. The dependence on IsUserInRole() and GetAuth() causes developers to stray from well-known ColdFusion best practices. For example, IsUserInRole() can not be properly used within a <switch> statement, forcing developers to use multiple <cfif><cfelseif><cfelse> loops, which is not a "best practice".

wow, I talk a lot.... ^_^

carehart@systemanage said on Sep 14, 2002 at 8:11 PM :

The first sentences describing this tag above are misleading and incorrect. It states:

"A container for user login and authentication code. ColdFusion checks the user-provided ID and password against a data source, LDAP directory, or other repository of login identification."

That's just not true. ColdFusion does not "check the provided ID and password". This explains some of the confusion people are having with this tag. As it more correctly states later "you put code in the body of the cflogin tag to check the user-provided ID and password against a data source, LDAP directory, or other repository of login identification."

pir2 said on Oct 1, 2002 at 10:58 AM :

<cflogin> HAS to be in the same function of <cfloginuser> in a cfc to login a user.

rnielsen said on Mar 18, 2003 at 11:24 AM :

Clarification regarding the cookieDomain attribute:

cookieDomain lets you specify the domain of the cookie that is used to mark a user as logged in. You would use this if you had a cluster with machine names like x.foo.com, x2.foo.com, etc. This lets the cookie work for all machines in the cluster.

Thanks to Ray Camden for this tip.

No screen name said on Oct 17, 2003 at 9:33 PM :

Although spelled correctly in the syntax code block, the idletimeout attribute is incorrectly spelled "idletimout" in the Attributes table. (I pasted the contents of the table below.)

(And thanks for all the work you put into CFMX to make it a great product!)

Attributes
Attribute Req/Opt Default Description
idletimout
Optional
1800
Time interval with no keyboard activity after which ColdFusion logs the user off. Seconds.

applicationtoken
Optional
the application name
Unique application identifier. Limits the login scope to an application context, so that logins cannot be created illegally.

cookiedomain
Optional

Domain for which the security cookie is valid.

No screen name said on Jan 11, 2004 at 3:56 PM :

Here's a simple CFC for checking to see if a user is in one of several roles:

<!--- code for isUserInRoles.cfc begins here --->
<cfcomponent>
<cffunction name="isUserInRoles" access="public" returntype="boolean">
<cfargument name="roles" type="string" required="true">
<cfscript>
for(i=1;i LTE ListLen(roles);i=i+1){
if (isUserInRole(ListGetAt(roles,i))) {return true;}
}
return false;
</cfscript>
</cffunction>
</cfcomponent>


An example of usage:

<cfset ur = createObject("component","path.to.components.isUserInRoles")>
<cfif ur.isUserInRoles("role1,role2,role3,role4")>
<!--- do something --->
</cfif>

No screen name said on Jul 27, 2004 at 7:45 PM :

Note for those of us that copy/paste; In the attributes table for <CFLOGIN> on this help page, the idletimeout argument is spelled incorrectly. An "e" is missing.

B.G.

mihlf said on Aug 24, 2004 at 7:48 AM :

Both cflogin and cflogout are stored somewhere on the server so that means if that your first login attempt on a username/password combo will use the <cflogin> tag but following attempts using the same username/password combo on either 1) different browser or 2) different machine will bypass the <cflogin> tag.

NetbasicsNL said on May 19, 2005 at 4:54 AM :

I have an intranet which authorises user with cflogin

can i use vspider to index the intranet?

NetbasicsNL said on May 31, 2005 at 11:01 AM :

Well, I've solved it.
I've added login functionaliteit to my application.cfm. When the bot is 'vspider', a login sequence is done for every page. The problem lies (I think) in the fact that a spider does not know or use a session. Therefor the login procedure is not "remembered" and has to be repeated for every page it visites.

No screen name said on Jun 27, 2005 at 3:24 AM :

It would be nice to see - in a future version - a remember me clause built into the login framework.

Also perhaps an emulation facility so someone with a set role i.e. admin can become another user in another role.

jrunrandy said on Jun 27, 2005 at 12:45 PM :

Thanks for posting your solution! I added enhancement request 60438 in response to this issue.