ColdFusion 9.0 Resources |
cfloginDescriptionA container for user login and authentication code. ColdFusion runs the code in this tag if a user is not already logged in. You put code in the tag that authenticates the user and identifies the user with a set of roles. Used with cfloginuser tag. Syntax<cflogin applicationToken = "token" cookieDomain = "domain" idletimeout = "value"> ... <cfloginuser name = "name" password = "password" roles = "roles"> </cflogin> See alsocfloginuser, cflogout, GetAuthUser, GetUserRoles, IsUserInAnyRole, IsUserInRole, IsUserLoggedIn, Securing Applications in the Developing ColdFusion Applications HistoryColdFusion 8: The applicationtoken attribute lets you specify a unique application identifier for each application, or the same value for multiple applications. ColdFusion MX 6.1: Changed behavior: the cflogin variable exists when ColdFusion receives a request with NTLM or Digest (HTTP Negotiated header) authentication information. ColdFusion MX: Added this tag. Attributes
UsageThe body of this tag executes only if there is no logged-in user. When using application-based security, you put code in the body of the cflogin tag to check the user-provided ID and password against a data source, LDAP directory, or other repository of login identification. The body must include a cfloginuser tag to establish the authenticated user's identity in ColdFusion. You control the data source and are responsible for coding the SQL within the cflogin tag; make sure that the associated database has user, password, and role information. The cflogin tag has a built-in cflogin structure that contains two variables, cflogin.name and cflogin.password, if the page is executing in response to any of the following:
ExampleThe following example shows a simple authentication. This code is typically in the Application.cfc onRequestStart method or in the application.cfm page. <cflogin> <cfif NOT IsDefined("cflogin")> <cfinclude template="loginform.cfm"> <cfabort> <cfelse> <cfif cflogin.name eq "admin"> <cfset roles = "user,admin"> <cfelse> <cfset roles = "user"> </cfif> <cfloginuser name = "#cflogin.name#" password = "#cflogin.password#" roles = "#roles#"/> </cfif> </cflogin> The following view-only example checks the user ID and password against a data source: <cfquery name="qSecurity" datasource="UserRolesDb"> SELECT Roles FROM SecurityRoles WHERE username=<cfqueryparam value='#cflogin.name#' CFSQLTYPE="CF_SQL_VARCHAR" AND password=<cfqueryparam value='#cflogin.password#' CFSQLTYPE='CF_SQL_VARCHAR' </cfquery> <cfif qSecurity.recordcount gt 0> <cfloginuser name = "#cflogin.name#" password = "#cflogin.password#" roles = "#trim(qSecurity.Roles)#" > </cfif> |