Do you want to remember your
members?
By this I mean, on your login form, have you
ever wanted to have a "Remember me" checkbox, allowing the member to
not have to enter their username and password every time the come to your web
site? The trick to this is using ColdFusion Cookies! No, Not chocolate chip
cookie, ColdFusion cookie! (They taste even better then they sound! :) Let me
show you an example:
First let me explain what cookies are, cookie
are files that are stored in your browser to allow you to put and get
information for later us (Think of your browser cookie area as a cookie jar and
all the cookies you get online are different types of cookies. Now, defining and
using a cookie in ColdFusion is actually quite simple. Let me show you how you
define a cookie and how you read a cookie.
To define a cookie, you do this:
<cfcookie name="MyCookie"
value="Hello">
To read a cookie, you do this:
<cfoutput>
#cookie.MyCookie#
</cfoutput>
Now, cookies have a lot of settings you can
use, but in this example we'll take it one step further, you will be using the
"Expire" variable setting. This will allow you to tell the cookie when
it expires and is no longer usable. In this tutorial we will set that value to
NEVER, because we never want the cookie to expire (We want it to ALWAYS be
accessible).
The first thing we must do it to create the
login.cfm page, this will be the form that users will enter their
username/password to log into the site.
The first thing we need to do is to see if the
cookies exist, to achieve this we will use:
<cfif IsDefined("cookie.username")>
<!--- a cookie exist, so let's
put in this username automatically into the form --->
<cfset username = cookie.username>
<cfelse>
<!--- a cookie DOES NOT exist, so
let's put a blank value in the username field --->
<cfset username = "">
</cfif>
Next let's see if the password exists in the
cookies (It's suggested that you dont save the password, but some of you MIGHT
want that feature, so Im implementing the code either way :)
<cfif IsDefined("cookie.password")>
<!--- a cookie exist, so let's put in
this password automatically into the form --->
<cfset password = cookie.password>
<cfelse>
<!--- a cookie DOES NOT exist, so
let's put a blank value in the password field --->
<cfset password = "">
</cfif>
<cfoutput>
<form action="login_process.cfm"
method="post">
<table width="500"
border="0">
<tr>
<td width="500"
colspan="2"></td>
</tr>
<tr>
<td width="250">Username:</td>
<td width="250"><input
type="text"
name="username"
value="#username#"></td>
</tr>
<tr>
<td width="250">Password:</td>
<td width="250"><input
type="password"
name="password" value="#password#"></td>
</tr>
<tr>
<td width="250">Remember
Me</td>
<td width="250"><input
type="checkbox"
name="RememberMe"
value="Yes"
<cfif IsDefined("cookie.username")
OR
IsDefined("cookie.password")>
CHECKED</cfif>></td>
</tr>
<tr>
<td width="250"></td>
<td width="250"><input
type="submit"
name="Process"
value="Login"></td>
</tr>
</table>
</form>
</cfoutput>
The next thing we need is the page "login_process.cfm"
this is where the magic takes place, not only do you actually authenticate your
users to verify their members, but you also remember or forget their login
information. Let's see the code:
<cfquery name="qVerify"
datasource="YourDSN">
SELECT ID
FROM MEMBERS
WHERE
meber_username = '#FORM.username#'
AND member_password = '#FORM.password#'
</cfquery>
<cfif
qVerify.RecordCount>
<!--- this user is good, before
actually logging them in, see if their information will be saved for next time
--->
<cfif IsDefined("RememberMe")>
<!--- members wants their information remembered, so set the cookies --->
<cfcookie
name="username"
value="#form.username#" expires="NEVER">
<cfcookie name="password"
value="#form.password#" expires="NEVER">
<cfelse>
<!---
member does NOT want their information remember, EXPIRE their cookies NOW so
they are deleted for good! --->
<cfcookie
name="username" value="#form.username#"
expires="NOW">
<cfcookie name="password"
value="#form.password#"
expires="NOW">
</cfif>
<!--- now that you're done with
the cookie, follow the REGULAR login procedures as you regularly do --->
</cfif>
That's pretty much it, you can now give your
users the "ability" to not have to enter their login details everytime!
:)
Questions? Comments? Let
me hear from you!
Date added: Tue. May 13, 2003
Posted by: Pablo Varando | Views: 21765 | Tested Platforms: CF4,CF5,CFMX | Difficulty: Intermediate
Best Practices
Other
Reusing Code
 |
srihari
Posted by: srihai
Posted on: 10/12/2004 08:36 AM
|
application.cfm
What needs to be set in the application file to make this all work? I'm having a problem getting both my session management and my cookies to work.
Posted by: Chris
Posted on: 10/28/2004 08:39 PM
|
Application.cfm
You have to enable the cookies in the application.cfm,
use the SETCLIENTCOOKIES to yes.
Posted by: Raj
Posted on: 02/22/2005 09:41 PM
|
remember me
This is a great tutorial and I agree that password should not be remembered. Then again certain applications do not require strict security measures. Having said that it was great to see that you included this option.
BroChild
Posted by: BroChild
Posted on: 04/18/2005 11:42 AM
|
Browser Check
Pablo:
Love the tutorial!
How do we know the browser is allowing the cookie to be set on the clinet's computer?
Ca you provide some guidance on how to do this
Many Thanks
Posted by: BroChild
Posted on: 06/15/2005 11:53 AM
|
Hmmm
I think you should store the username and password in the CLIENT scope (set to be stored in CF's memory) instead of the COOKIE
Posted by: Raul Riera
Posted on: 11/13/2006 12:07 AM
|
|
ColdFusion Hosting
Blink
Del.icio.us
Digg
Furl
Google
Simpy
Spurl
Y! MyWeb