Table of Contents
Advertisement
Using the cflogin tag
The
tag executes only if there is no currently logged-in user. It has the following three
cflogin
optional arguments that control the characteristics of a ColdFusion login:
Attribute
idleTimeout
applicationToken
cookieDomain
Login identification scope and the applicationToken attribute
The login identification created by the
that contains the page that uses the
requests a page in another directory tree, the current login credentials are not valid for accessing
those pages. This security limitation lets you use the same user names and passwords for different
sections of your application (for example, a UserFunctions tree and a SecurityFunctions tree) and
enforce different roles to the users depending on the section.
ColdFusion uses the
rule. The default
cfapplication
the
tag.
cflogin
Specifying the internet domain
Use the
cookieDomain
logged-in. You use
www.acme.com, www2.acme.com, and so on). This lets the cookie work for all machines in the
cluster. For example, to ensure that the cookie works for all servers in the acme.com domain,
specify
cookieDomain=".acme.com".
Getting the user ID and password
The
tag has a built-in cflogin structure that contains two variables, cflogin.username and
cflogin
cflogin.password, if the page is executing in response to any of the following:
•
Submission of a form that contains input fields with the names
•
A message from the Macromedia Flash Remoting gatewayConnection object that has the
setCredentials
•
A request that uses CFHTTP Basic authentication, and therefore includes an Authorization
header with the username and password.
•
A request that uses NTLM or Digest authentication. In this case, the username and password
are hashed using a one-way algorithm in the Authorization header; ColdFusion gets the
username from the web server and sets the cflogin.password value to the empty string.
Use
If no page requests occur during the idleTimeout period, ColdFusion logs out
the user. The default is 1800 seconds (30 minutes). This is ignored if login
information is stored in the Session scope.
Limits the login validity to a specific application as specified by a ColdFusion
page's
cfapplication
Specifies the domain of the cookie used to mark a user as logged-in. You use
cookieDomain if you have a clustered environment (for example, x.acme.com,
x2.acme.com, and so on). This lets the cookie work for all the computers in the
cluster.
cflogin
applicationToken
value is the current application name, as specified by a
applicationToken
tag. In normal use, you do not need to specify an
attribute to specify the domain of the cookie used to mark a user as
if you have a clustered environment (for example,
cookieDomain
method set.
tag. The default value is the current application name.
tag is valid only for pages within the directory
cflogin
tag and any of its subdirectories. Therefore, if a user
value to generate a unique identifier that enforces this
To specify a domain name, start the name with a period.
Using ColdFusion security tags and functions
value in
applicationToken
and
j_username
j_password
.
353
Advertisement
Table of Contents
Troubleshooting
