Using Session Variables to Preserve Data During One Browsing Session




Unlike client variables, which persist each time a user visits your application, session variables are designed to persist for only a limited amount of time. Consider an application that requires a user to log in via a standard user/password form. After a user logs in, he or she should be able to view protected pages without having to perform the login action each time he or she views a page. However, once a user leaves the site for a length of time, the "logged in" status should be reset so that the user is required to log in again upon the next visit. In cases like these, you don't want variables to persist between multiple user sessions, but just for the current one. Session variables provide the solution.

You enable session variables much the same way you do client variables — by adding a line in Application.cfm. When you do so, you can either supply a custom timeout value, or use ColdFusion's default value of 20 minutes. The timeout value specifies how long a user's session may remain inactive before the session is considered complete and the session variables disappear. For example, the default timeout value of 20 minutes will allow a user to walk away from his or her computer in the middle of a browsing session, return 15 minutes later, and continue browsing with all session variables intact. However, if that user were to return 25 minutes later, the session variables would no longer exist, and in the case of a login function, he or she would have to log in again to continue viewing protected pages.

Note 

The maximum value allowed for timeouts is set in ColdFusion MX Administrator. Once this is done, the value can't be overridden by a greater value in your <cfapplication> tag.

After session variables are defined, any template within an application can access them. This presents a significant savings in development time over having to pass variables only from a URL or a form. For example, using URL variables exclusively would require that all necessary variables are included in the URL of every link on your site--not a very practical method for passing data.

Enabling session variables in Application.cfm

To create a simple login application, you begin with an Application.cfm page. Listing 52-5 shows one that enables session variables and defines a session length of 30 minutes.

Listing 52-5: Application.cfm

start example
<cfapplication name="protected_site" sessionmanagement="yes"
    sessiontimeout="#CreateTimeSpan(0,0,30,0)#">

<!---define a default value for session.logged_in, which will later be
used to check whether the user has successfully logged in--->
<cfparam name="session.logged_in" default="no">
end example

This Application.cfm file also defines a default value for a session variable, session.logged_in, which you'll use in the next sections. Note that like client variables, session variables can be defined just by using the session scope.

Tip 

Session timeout values are defined using the CreateTimeSpan() function. This function accepts four input parameters: days, hours, minutes, and seconds. For example, a session timeout value of two days would be written as #CreateTimeSpan(2,0,0,0)#; a value of 10 minutes would be written as #CreateTimeSpan(0,0,10,0)#.

Creating a login form

Creating a login page for an application driven by session variables is straightforward; you only need to collect a username and password, and pass them on to an action page, as shown in Listing 52-6.

Listing 52-6: login_form.cfm

start example
<html>
<head>
<title>Login Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<h2>Login Page</h2>

<p>Please log in using the user name and password provided by your system administrator.</p>

<form action="login_action.cfm" method="post">
     <p>Username: <input type="text" name="username"></p>
     <p>Password: <input type="password" name="password"></p>
     <input type="submit" value="Log In">
</form>
</body>
</html>
end example

Setting a user's login status on an action page

After a user submits a login form, the action page can use a <cfif> statement to check the supplied username and password against the correct values. If the login information is incorrect, the user is notified and directed back to the login form. If the information is correct, a session variable, session.logged_in, is redefined to yes, acknowledging that the user has successfully logged in. This session variable persists for the timeout value specified in Application.cfm — in this case, 30 minutes. Listing 52-7 shows an example of the checking process as well as the session variable definition.

Listing 52-7: login_action.cfm

start example
<html>
<head>
<title>Login Results</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<!---give the form fields empty defaults so that a request made without
submitting the login form fails the check below instead of raising an error--->
<cfparam name="form.username" default="">
<cfparam name="form.password" default="">

<!---if supplied username and password match newuser/coldfusion, set a
session variable acknowledging a successful login--->
<cfif form.username is 'newuser' and form.password is 'coldfusion'>

     <cfset session.logged_in = "yes">

     <h2>Login Successful</h2>
     <p>Thanks for logging in. You may now proceed to the <a href="index.cfm">protected material.</a></p>

<!---if login incorrect, show error and direct user back to form--->
<cfelse>

     <h2>Login Unsuccessful</h2>
     <p>The username and/or password values you supplied are incorrect. If you believe this to be in error, please try the <a href="login_form.cfm">login form</a> again.</p>

</cfif>

</body>
</html>
end example

Using a session variable to check login status

After a user submits correct login data, session.logged_in contains the value yes. You can then use a snippet like the following one on any page in your application that may require protection:

<cfif session.logged_in is 'no'>
     <!---redirect user to login form--->
     <cflocation url="login_form.cfm">
<cfelse>
     <!---display protected page contents here--->
</cfif>

This code uses a <cfif> block to check the contents of session.logged_in. Remember that this variable by default is set to no by the Application.cfm page. In this case, the user is redirected back to the login form with a handy ColdFusion tag called <cflocation>. The tag takes one attribute — a URL to which the user should be directed.

If a user has successfully logged in at some point during the current session, the value of session.logged_in will be yes, and thus the user will be shown whatever text or code lies within the <cfelse> block. Most often this would be the body of a protected page.

After a user logs in, the preceding snippet allows him or her to view protected material for the duration of the session. After the session has timed out, the user is redirected to the login page as if the initial login had never occurred.
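
The per-page check above has to be pasted into every protected template, and a page where it is forgotten stays open to anyone. As an added example (not from the book), the same check can be placed once in Application.cfm, which ColdFusion processes before each template in the application. The public_templates list, the requested_template variable, and the use of addtoken="no" are assumptions of this example, and it treats any value other than yes as not logged in.

```cfml
<!--- Application.cfm (added example): processed before every template --->
<cfapplication name="protected_site" sessionmanagement="yes"
    sessiontimeout="#CreateTimeSpan(0,0,30,0)#">

<!--- default login state, as in Listing 52-5 --->
<cfparam name="session.logged_in" default="no">

<!--- assumption: these two templates are the only ones that must stay
      reachable without a login; leaving them out would make the
      redirect below loop on the login form itself --->
<cfset public_templates = "login_form.cfm,login_action.cfm">

<!--- file name of the requested template, without its directory;
      assumes all templates live in one directory, as on this page --->
<cfset requested_template = ListLast(cgi.script_name, "/")>

<!--- fail closed: only the exact value "yes" lets a protected page through --->
<cfif session.logged_in is not "yes"
      and not ListFindNoCase(public_templates, requested_template)>
     <!--- addtoken="no" stops ColdFusion from appending the CFID/CFTOKEN
           identifiers to the redirect URL; cflocation ends the request,
           so nothing from the protected template is sent --->
     <cflocation url="login_form.cfm" addtoken="no">
</cfif>
```

With this in place, protected templates no longer need their own <cfif> block, and a newly added template is protected unless it is deliberately listed in public_templates.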






Macromedia Studio MX Bible
ISBN: 0764525239
EAN: 2147483647
Year: 2003
Pages: 491
