|
DescriptionA container
for user login and authentication code. ColdFusion runs the code
in this tag if a user is not already logged in. You put code in
the tag that authenticates the user and identifies the user with
a set of roles. Used with cfloginuser tag.
Syntax<cflogin
applicationToken = "token"
cookieDomain = "domain"
idletimeout = "value">
...
<cfloginuser
name = "name"
password = "password"
roles = "roles">
</cflogin>
HistoryColdFusion
8: The applicationtoken attribute lets you specify
a unique application identifier for each application, or the same
value for multiple applications.
ColdFusion MX 6.1: Changed
behavior: the cflogin variable exists when ColdFusion
receives a request with NTLM or Digest (HTTP Negotiated header) authentication
information.
ColdFusion MX: Added this tag.
Attributes
Attribute
|
Req/Opt
|
Default
|
Description
|
|---|
applicationtoken
|
Optional
|
The current application name
|
The login that applies to the application.
To let users log in to only one application, specify a unique value
for that application. To let users log in to multiple applications,
specify the same value for those applications. If you do not set
a value for the applicationtoken attribute, the
default value is CFAUTHORIZATION_applicationname.
|
cookiedomain
|
Optional
|
|
Domain of the cookie that is used to mark
a user as logged in. Use this attribute to enable a user login cookie
to work with multiple clustered servers in the same domain.
|
idletimeout
|
Optional
|
1800
|
Time interval, in seconds, after which ColdFusion
logs off the user.
|
UsageThe body
of this tag executes only if there is no logged-in user. When using
application-based security, you put code in the body of the cflogin tag
to check the user-provided ID and password against a data source,
LDAP directory, or other repository of login identification. The
body must include a cfloginuser tag to establish
the authenticated user's identity in ColdFusion.
You control
the data source and are responsible for coding the SQL within the cflogin tag;
make sure that the associated database has user, password, and role
information.
The cflogin tag has a built-in cflogin structure
that contains two variables, cflogin.name and cflogin.password,
if the page is executing in response to any of the following:
Submission of a form that contains input fields with the
names j_username and j_password.
A request that uses HTTP Basic authentication and, therefore,
includes an Authorization header with the user name and password.
A request that uses NTLM or Digest authentication. In this
case, the username and password are hashed using a one-way algorithm
in the Authorization header; ColdFusion gets the username from the
web server and sets the cflogin.password value
to the empty string.
You can use these values in the cflogin tag
body to authenticate the user, and, in the cfloginuser tag,
to log the user in. The structure is only available in the cflogin tag
body.
ExampleThe
following example shows a simple authentication. This code is typically
in the Application.cfc onRequestStart method or
in the application.cfm page.
<cflogin>
<cfif NOT IsDefined("cflogin")>
<cfinclude template="loginform.cfm">
<cfabort>
<cfelse>
<cfif cflogin.name eq "admin">
<cfset roles = "user,admin">
<cfelse>
<cfset roles = "user">
</cfif>
<cfloginuser name = "#cflogin.name#" password = "#cflogin.password#"
roles = "#roles#"/>
</cfif>
</cflogin>
The following view-only example
checks the user ID and password against a data source:
<cfquery name="qSecurity"
datasource="UserRolesDb">
SELECT Roles FROM SecurityRoles
WHERE username=<cfqueryparam value='#cflogin.name#' CFSQLTYPE="CF_SQL_VARCHAR"
AND password=<cfqueryparam value='#cflogin.password#' CFSQLTYPE='CF_SQL_VARCHAR'
</cfquery>
<cfif qSecurity.recordcount gt 0>
<cfloginuser name = "#cflogin.name#"
password = "#cflogin.password#"
roles = "#trim(qSecurity.Roles)#" >
</cfif>
|
|
|
