MACROMEDIA COLDFUSION 5-DEVELOPING Develop Manual page 384

364
response is checked against the list of valid users defined for the current security
context.
If the user passes the authentication step, the requested page appears. The
application uses the CGI variables
the originally requested page so that it can display that page after the user is
authenticated.
All pages governed by this Application.cfm page — those in the same directory as
Application.cfm and in its subtree — automatically invoke this authentication test.
Note
To use this code in your own Application.cfm page, change the application name
and security context name to match your application and security names.
Example: Application.cfm
<cfapplication name="Orders">
<cfif NOT IsAuthenticated()>
<!--- The login form was submitted. Try authenticating --->
<!--- Security error in login occurred. Show login again --->
<!--- The login was not detected. Show login again--->
<!--- Show the login form --->
<!--- Recreate the url used to call the requested page --->
<!--- The user is not authenticated --->
<cfset showlogin="No">
<cfif IsDefined("form.username") AND IsDefined("form.password")>
<cftry>
<cfauthenticate securityContext="Orders"
username="#form.username#"
password="#form.password#"
setCookie="YES">
<cfcatch type="security">
<h3>Invalid Login</h3>
<cfset showLogin="Yes">
</cfcatch>
</cftry>
<cfelse>
<cfset showlogin="Yes">
</cfif>
<cfif showlogin>
<cfset url="#cgi.script_name#">
<cfif cgi.query_string IS NOT "">
<cfset url=url & "?#cgi.query_string#">
</cfif>
Chapter 19 Application Security
and
script_name query_string
to keep track of