ColdFusion MX 7 Login Security (Page 10 of 13)

The login.cfm Template

Our login.cfm template is a pretty basic form using ColdFusion's CFFORM tag to handle some simple validation of the Username and Password fields. Everything in this template should look very familiar. The only thing I want to point out is the following line:

39. <cfset session.requestedPage = CGI.SCRIPT_NAME>

This line stores the value of the page the user requests in their browser. For instance, if a user is not logged in but attempts to view the secondaryPage.cfm template, they are immediately redirected to login.cfm. Line 39 in login.cfm then saves the value of the requested template in the session, and that value is used to redirect the user once they have successfully logged in to the application. Feel free to review the onRequestStart method of the Application.cfc again to see this code come full circle. Also, give it a try yourself by requesting the secondaryPage.cfm template before you have logged in.
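The stored value later becomes a redirect target, so it is worth validating at the point of use. The following is an added example, not code from this article or its Application.cfc: a hypothetical helper, getPostLoginTarget (with a hypothetical defaultPage argument), that consumes session.requestedPage once and only returns it if it is a local .cfm path. It assumes the call happens after the credentials have been verified.

```cfml
<!--- Added example: hypothetical helper for the post-login "smart redirect". --->
<cffunction name="getPostLoginTarget" returntype="string" output="false"
            hint="Returns a safe local template to redirect to after login.">
    <cfargument name="defaultPage" type="string" required="false" default="index.cfm">
    <cfset var target = arguments.defaultPage>
    <cfset var candidate = "">

    <!--- Read and clear the stored page under a session lock. --->
    <cflock scope="session" type="exclusive" timeout="5">
        <cfif structKeyExists(session, "requestedPage")>
            <cfset candidate = session.requestedPage>
            <!--- One-time use: a stale value must not steer a later login. --->
            <cfset structDelete(session, "requestedPage")>
        </cfif>
    </cflock>

    <!--- Accept only a local path to a .cfm template:
          - begins with a single "/" and uses path-safe characters only,
            which also rules out CR/LF, "?", ":" and "\"
          - no "//" (protocol-relative URL) and no ".." (path traversal)
          - not login.cfm itself, which would send the user back to the form --->
    <cfif reFind("^/[A-Za-z0-9_./-]+\.cfm$", candidate)
          and not find("//", candidate)
          and not find("..", candidate)
          and not reFindNoCase("/login\.cfm$", candidate)>
        <cfset target = candidate>
    </cfif>

    <cfreturn target>
</cffunction>

<!--- After a successful login. addtoken="false" keeps CFID/CFTOKEN out of the URL. --->
<cflocation url="#getPostLoginTarget()#" addtoken="false">
```

Because line 39 takes the value from CGI.SCRIPT_NAME rather than from a URL or form parameter, the check is defense in depth; it becomes essential if the target is ever read from request input.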

The secondaryPage.cfm Template

While we're at it, let's review the secondaryPage.cfm template. This is just a short page of our application used to test "smart redirects" during login. It can also be used to switch back and forth with the index.cfm template to re-display the dump of the current sessions. This is useful when you are testing the application by logging in with two separate browsers (Safari and Firefox, for instance).

<body>
   This is a secondary page of the app.<br/><br/>
   <a href="index.cfm">Click here for the main page.</a>
</body>