Adobe 38043740 - ColdFusion Standard - Mac Development Manual page 350

DEVELOPING COLDFUSION 9 APPLICATIONS
Developing CFML Applications
Using ColdFusion security tags and functions
ColdFusion provides the following tags and functions for user security:
Tag or function
cflogin
cfloginuser
cflogout
cfNTauthenticate
cffunction
IsUserInAnyRole
GetAuthUser
Using the cflogin tag
The tag executes only if there is no currently logged-in user. It has the following three optional arguments
cflogin
that control the characteristics of a ColdFusion login:
Attribute
idleTimeout
applicationToken
cookieDomain
Login identification scope and the applicationToken attribute
The login identification created by the
that uses the tag and any of its subdirectories. Therefore, if a user requests a page in another directory tree,
cflogin
the current login credentials are not valid for accessing those pages. This security limitation lets you use the same user
names and passwords for different sections of your application (for example, a UserFunctions tree and a
SecurityFunctions tree) and enforce different roles to the users depending on the section.
Purpose
A container for user authentication and login code. The body of the tag runs only if the user is not logged
in. When using application-based security, you place code in the body of the
user-provided ID and password against a data source, LDAP directory, or other repository of login
identification. The body of the tag includes a
cfloginuser tag) to establish the authenticated user's identity in ColdFusion.
Identifies (logs in) a user to ColdFusion. Specifies the user's ID, password, and roles. This tag is typically used
inside a tag.
cflogin
The cfloginuser tag requires three attributes,
The roles attribute is a comma-delimited list of role identifiers to which the logged-in user belongs. All
spaces in the list are treated as part of the role names, so you should not follow commas with spaces.
While the user is logged-in to ColdFusion, security functions access the user ID and role information.
Logs out the current user. Removes knowledge of the user ID and roles from the server. If you do not use
this tag, the user is automatically logged out as described in
The tag does not take any attributes, and does not have a body.
cflogout
Authenticates a user name and password against the NT domain on which ColdFusion server is running,
and optionally retrieves the user's groups.
If you include a roles attribute, the function executes only when there is a logged-in user who belongs to
one of the specified roles.
Returns True if the current user is a member of the specified role.
Returns the ID of the currently logged-in user.
This tag first checks for a login made with
(cgi.remote_user.
Use
If no page requests occur during the idleTimeout period, ColdFusion logs out the user. The default is 1800
seconds (30 mins). This is ignored if login information is stored in the Session scope.
Limits the login validity to a specific application as specified by a ColdFusion page's cfapplication tag. The
default value is the current application name.
Specifies the domain of the cookie used to mark a user as logged-in. You use cookieDomain if you have a
clustered environment (for example, x.acme.com, x2.acme.com, and so on). This lets the cookie work for
all the computers in the cluster.
tag is valid only for pages within the directory that contains the page
cflogin
Last updated 1/20/2012
cfloginuser tag (or a ColdFusion page that contains a
name , password , and roles
"Logging out users" on page 348.
cfloginuser tag. If none exists, it checks for a web server login
345
cflogin tag to check the
, and does not have a body.