ColdFusion MX 7 Login Security (Page 9 of 13)

At this point in the tutorial we've covered most of our "ground rules" defined on page one. However, there are a few points that we haven't touched on. For starters, how do you log users out of the application? Sure, we have code in place that will "automatically" log them out after a period of inactivity (this was accomplished with the last block of code in the onRequestStart method), but any good application will give the user a way to log themselves out. Secondly, what about that session tracking code in the Application scope? It will need to be addressed during our logout routine. And lastly, we've set up code in the onRequestStart method to handle "smart redirects", but how will this really work?

If you downloaded the source files for the tutorial, you'll notice four templates I haven't talked about: index.cfm, login.cfm, logout.cfm, and secondaryPage.cfm. Let's take a closer look at these and see how things are going to finally come together.

The index.cfm Template

<body>
   <!--- Values from the Session and Application scopes are only evaluated
         inside cfoutput; a single # on each side is the CFML syntax (## would
         print a literal # instead of the value). --->
   <cfoutput>
   Index.cfm reached. Login successful!<br/>
   Welcome #Session.User.FirstName# #Session.User.LastName#!
   Number of logged in users: #Application.currentSessions#<br/><br/>
   </cfoutput>
   Application.sessionData:<br/>
   <cfdump var="#Application.sessionData#">
   <br/>
   <a href="secondaryPage.cfm">Click here to visit another page of the app.</a><br/>
   <a href="logout.cfm">Click here to log out.</a>
</body>

Our index.cfm template represents a sample page someone might see once they have logged in to an application. For most applications this template will have much more code than ours, including things like HTML, Flash, images, and more. For our purposes, we only need a few things. First, we display a simple "successful login" message followed by the user's first name, last name, and the date and time they last logged in to the application. Next, we display the number of users currently logged in to the application and we dump the session IDs of those users, which are stored in our Application.sessionData array. Finally, there's a link to a secondary page of our application and a link the user can use to log out.
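The logout link above points at logout.cfm, and the opening paragraph asks how logout should undo the session tracking held in the Application scope. The template below is an added illustration of that cleanup, not the tutorial's own logout.cfm; it assumes that the entries in Application.sessionData are the users' Session.SessionID values and that Application.currentSessions counts them, as the index.cfm output suggests.

```cfml
<!--- logout.cfm: added illustration, not the tutorial's own template.
      Assumption: the login code stores Session.SessionID in the
      Application.sessionData array and increments Application.currentSessions. --->

<cfif IsDefined("Session.User")>

    <!--- Read-modify-write of shared Application data: take an exclusive
          lock so two users logging out at the same time cannot leave the
          array and the counter out of step. --->
    <cflock scope="application" type="exclusive" timeout="10">
        <!--- Walk backwards so ArrayDeleteAt does not shift unvisited entries. --->
        <cfloop index="i" from="#ArrayLen(Application.sessionData)#" to="1" step="-1">
            <cfif Application.sessionData[i] EQ Session.SessionID>
                <cfset ArrayDeleteAt(Application.sessionData, i)>
                <cfset Application.currentSessions = Application.currentSessions - 1>
            </cfif>
        </cfloop>
        <!--- Never let the counter go negative if the entry was already gone
              (for example, removed by the inactivity timeout). --->
        <cfset Application.currentSessions = Max(Application.currentSessions, 0)>
    </cflock>

    <!--- Drop everything the login routine stored in the session, so the
          onRequestStart check treats the next request as not logged in. --->
    <cfset StructClear(Session)>

</cfif>

<!--- Send the user back to the login page. addtoken="no" keeps CFID and
      CFTOKEN out of the redirect URL. --->
<cflocation url="login.cfm" addtoken="no">
```

The cfdump of Application.sessionData in index.cfm is handy while following the tutorial, but a production page should not render session identifiers belonging to other users.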