Logging A User In Using Flash Remoting; Logging Users Out - MACROMEDIA COLDFUSION MX 61-DEVELOPING COLDFUSION MX Develop Manual

The cflogin structure provides a consistent interface for determining the user's login ID and
password, independent of the technique you use for displaying the login form.
Caution: Login forms send the username and password without encryption. Basic HTTP
authentication sends the user name and password in a base64-encoded string with each request.

Logging a user in using Flash Remoting

If you are developing a Rich Internet Application with Macromedia Flash, you use the
ActionScript
SetCredentials
SWF file displays the user ID and password fields, and uses their contents in the
setCredentials
if (inited == null)
{
inited = true;
NetServices.setDefaultGatewayUrl("http://localhost/flashservices/gateway");
gatewayConnection = NetServices.createGatewayConnection();
gatewayConnection.setCredentials(userID, password);
myService = gatewayConnection.getService("securityTest.thecfc", this);
}
Your ColdFusion application does not need to be coded specially for a Flash login. The Flash
Remoting gateway makes the user ID and password available to the
structure.
For more information on using Flash Remoting, see Using Flash Remoting MX.

Logging users out

After a user logs in, the ColdFusion user authorization and authentication information remains
valid until any of the following happens:
•
The application uses a
a log-out link or button.
•
If your application uses the Session scope for login information, the session ends.
•
If your application does not use the Session scope for login information, the user does not
request a new page for the
•
If your application does not use Session scope for login information, or if you use J2EE-based
session identification, the user closes all browser windows.
Note: If you use CFHTTP-based authentication, for example, if your web server logs in users and
your cfloginuser
original credentials, even if you log out the user with the
and before the browser closes, the cflogin structure in the
cflogout
user information.
Caution: If you use web server–based authentication or any form authentication that uses a Basic
HTTP Authorization header, the browser continues to send the authentication information to your
application until the user closes the browser, or in some cases, all open browser windows. This action
continues even after you use the
and before the browser closes, the cflogin structure in the
information. In this case, the only way to ensure that the user is fully logged out is for the user to close
the browser.
354 Chapter 16: Securing Applications
method to send login information to ColdFusion. Your Flash
method, as follows:
tag to log out the user, usually in response to the user clicking
cflogout
tag
cflogin
tag uses the credentials from that login, your web browser continues to send the
cflogout
period.
idleTimeout
cflogout
tag to log out the user. As a result, following a
cflogin
tag in the
cflogin
tag. As a result, following the
tag will have the old
cflogin
tag will have the same user
cflogin
cflogout