I joined the CFLOGIN club of woe


If I had a quarter for every time this tag, which was forged upon the anvil of evil and chaos, got the best of me and my time, I'd be able to... I don't know. Hire Adobe to write my code for me?

The CFLOGIN tag and the attribute-of-disdain known as loginStorage has smote me. It's my own fault for not understanding the difference between choosing "cookie" (the default, and my God just leave it be!) and choosing "session". I chose "session", thinking of course I'd like it in the session. All session-based things, authentication included, ought to be in the session. Uh... no.

What started happening was that I would authenticate fine, establish my CF login and my roles, and it all looked okay. A CFDUMP of my credentials immediately following the CFLOGINUSER would yield just what I expected. However, the very next request would forget who I was entirely!

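<cflogin>
    <!--- Log the user in with a fixed role --->
    <cfloginuser
        name="#attributes.j_username#"
        password="#Hash(attributes.j_password)#"
        roles="administrator" />
</cflogin>
<!--- Dump the login state immediately after CFLOGINUSER, then stop the request --->
<cfdump var="#GetAuthUser()#" />
<cfdump var="#GetUserRoles()#" />
<cfabort />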


Now I'd like to give some credit to Ray Camden for his frustration with this a long time ago, which is featured on this blog post. Also, please take note of this adorable post in the Adobe Knowledge Base about the issue, which basically says don't use loginStorage="session" because it's a security risk. Whiskey Tango Foxtrot!?
