CfLogin Probem

Similar Messages

• CFLOGIN works, but not simultaneously on different servers/broswers

  I'm using CFLOGIN with application.cfc which works great when I test it - I'll call it login session A in browser window 1.
  When I simultaneously log into the same app on a different server with a different username (login session B in browser window 2), I can't login - unless I log out out of session A/browser window 1 first. Something in my new code is preventing me from logging into my app more than one time, even when the apps are on separate servers and I'm using different usernames.
  We have the same app on various servers (test/development/production), and I used to be able to login on 2-3 browsers or servers at a time - and I never had a problem until recently when I made some changes to the application.cfc and login code.
  I updated the code because before the session scopes and login credentials were not being initiated and terminated together (upon login/logout). Before, a user was clicking 'logout' and it was clearing the session scopes without invoking CFLOGOUT. Now, I fixed that, but I have another problem, which is that I can't log into the application on two different browsers or servers at the same time (even if I'm using different login usernames). Any suggestions would be appreciated.
  <cfcomponent displayname="Application" output="false">
      <cfset this.name = 'SampleApp'>
      <cfset this.SessionManagement = true>
      <cfset this.SetClientCookies = true>
      <cfset this.SessionTimeout = CreateTimeSpan( 0, 0, 5, 0 ) />
  <cffunction name="onSessionStart" access="public" returntype="void" output="false">
      <cfset session.hostname = 'http://'&#CGI.HTTP_HOST#&'/'>
      <cfset session.dbase = 'localdb'>
      <cfset session.roles = ArrayNew(1)>
      <cfreturn>
  </cffunction>
  <cffunction name="onApplicationStart" access="public" returntype="boolean" output="false">
      <cflog file="SampleApp" type="information" text="Application started." />
      <cfreturn true>
  </cffunction>
  <cffunction name="onApplicationEnd" returntype="void" output="false" hint="Executes on session timeout or if server shuts down.">
      <cfcookie name="CFID" value="#CFID#" expires="now">
      <cfcookie name="CFTOKEN" value="#CFTOKEN#"  expires="now">
      <cfreturn>
  </cffunction>
  <cffunction name="onRequestStart" access="public" returntype="void" output="true" hint="Executes before each page processes.">
      <cfargument name="targetPage" type="String" required="true"/>
          <cfsilent>
          <cfif GetAuthUser() NEQ ''>
              <cfif NOT isDefined('session.uname')>
                  <cfif CGI.HTTP_REFERER DOES NOT CONTAIN "login.cfm">
                      <cfinclude template="expired.cfm">
                      <cfabort>
                  </cfif>
              </cfif>
          </cfif>
          <cflogin>  
              <!--- Flash Remoting setCredentials() passes cflogin.user and cflogin.password using checklogin.cfc --->
              <cfif IsDefined('cflogin')>        
                  <cfquery name="qValidateLogin" datasource="#session.dbase#" username="#cflogin.name#" password="#cflogin.password#">
                      SELECT    role
                      FROM    session_roles
                  </cfquery>
                  <cfif qValidateLogin.RecordCount GT 0>
                      <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="#qValidateLogin.ROLE#">
                      <cflog text="User - #cflogin.name#" type="Information" file="Filename" date="yes" time="yes">
                  <cfelse>
                      <cfinclude template="login.cfm">
                      <cfabort>
                  </cfif>
              <cfelse>
                  <cfif right(arguments.targetPage,10) is "logout.cfm">
                      <cflocation url="index.cfm">
                      <cfabort>
                  <cfelse>              
                      <cfinclude template="login.cfm">
                      <cfabort>  
                  </cfif>          
              </cfif>
          </cflogin>
          </cfsilent>      
  </cffunction>
  </cfcomponent>

  Oh no, that was my mistake. Thank you for catching that! That query is currently not being used on my Application.cfc page, which is why I wasn't having problems with it, but I'm glad you pointed it out to me. I had that code in my Application.cfc file just incase I wanted to check login from somewhere else, but my login query is actually being called with Flash Remoting using setCredentials() to connect to login.cfc. This is the correct query in my login.cfc file:
              <cfquery name="qValidateLogin" username="#session.uname#" password="#session.pword#" datasource="#session.dbase#">
                  select role from session_roles where role like 'xxxxx%'     
              </cfquery>
  I do think I figured out a solution to my problem though. I found out how to use applicationToken, which I understand if it is not set, by default will be the value of application.Name. If you want users to be able to log into multiple instances of  your application at the same time, you would give the applicationToken the same value. This would be great for clustered servers or sites with sub-domains.
  If you wanted to force only one login for the three different sites, you could give this a different value. VERY useful. So I have:
  <cfcomponent displayname="Application" output="false">
      <cfset this.name = 'SampleApp'>
      <cfset this.SessionManagement = true>
      <cfset this.SetClientCookies = true>
      <cfset this.SessionTimeout = CreateTimeSpan( 0, 0, 5, 0 ) />
      <cfset this.loginStorgage = "session">
      <cfset this.applicationtoken = 'SampleAppSub'>
  Now, I can log into this site on my development machine with multiple browsers pointing to the same site hosted on different servers - with no problem. I never had an issue with this before, but something else I recently added into my code in Application.cfc made this not work. I should probably also mention that I work on many different applications that all use the same application.Name even though they are different sites - we do this so the same settings can be deployed on different servers.
  With the applicationToken settings, I have it working again. Perhaps what made it break was setting this.loginStorage = "session"? Before this was not set and was using the default value of  "cookies" which I didn't want - because my site is used by different people on the same box and we have clustered servers.

• CF 10, Consistent java.lang.NullPointerException at cflogin after 20 minutes

  Fresh install of cf 10, using tested, mature code written for cf 9. Code is in production on cf 9 in several installations. Application is sitting on its home screen, where there are 4 areas that have ajax driven content that is updated every 5 minutes. After 20 minutes one of the alax driven areas generates an error. The error in is application.cfc, OnRequestStart, and is at the line where <cflogin> starts. Almost seems like a timeout, however it it throwing an error as indicate below. Anyone have any ideas how to go about troublshooting/solving this? Wrapping it in cftry and trying to get additional information does not provide any more detail, as a matter of fact the cfcatch info is all blank!
  EXCEPTION
  struct
  Cause
  struct
  Message
  [empty string]
  StackTrace
  java.lang.NullPointerException at  java.util.Hashtable.put(Hashtable.java:542) at  coldfusion.runtime.SecurityScopeTracker.setSecurity(SecurityScopeTracker.java:23  5) at  coldfusion.runtime.SecurityScopeTracker.getSecurity(SecurityScopeTracker.java:1  24) at  coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:172)  at  cfApplication2ecfc1223778257$funcONREQUESTSTART._factor14(C:\inetpub\wwwroot\CM  SUAT\Application.cfc:560) at  cfApplication2ecfc1223778257$funcONREQUESTSTART.runFunction(C:\inetpub\wwwroot\  CMSUAT\Application.cfc:500) at  coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472) at  coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368  ) at  coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55)  at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321) at  coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220) at  coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:655) at  coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:444) at  coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:414) at  coldfusion.runtime.AppEventInvoker.invoke(AppEventInvoker.java:108) at  coldfusion.runtime.AppEventInvoker.onRequestStart(AppEventInvoker.java:278)  at  coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:417)  at  coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)  at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)  at coldfusion.filter.PathFilter.invoke(PathFilter.java:112) at  coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at  coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFil  ter.java:28) at  coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at  coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:58) at  coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at  coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at  coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at  coldfusion.CfmServlet.service(CfmServlet.java:219) at  coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)  at  org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil  terChain.java:305) at  org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain  .java:210) at  coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilt  er.java:42) at  coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)  at  org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil  terChain.java:243) at  org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain  .java:210) at  org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:  224) at  org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:  169) at  org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.ja  va:472) at  org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)  at  org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)  at  org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928)  at  org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:11  8) at  org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:414)  at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:204) at   org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractPr  otocol.java:539) at  org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298  ) at  java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)  at  java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)  at java.lang.Thread.run(Thread.java:722)
  Suppressed
  array [empty]
  TagContext
  array
  1
  struct
  COLUMN
  0
  ID
  CFAUTHENTICATE
  LINE
  560
  RAW_TRACE
  at cfApplication2ecfc1223778257$funcONREQUESTSTART._factor14(C:\inetpub\wwwroot\CM SUAT\Application.cfc:560)
  TEMPLATE
  C:\inetpub\wwwroot\CMSUAT\Application.cfc
  TYPE
  CFML
  2
  struct
  COLUMN
  0
  ID
  CF_APPLICATION
  LINE
  500
  RAW_TRACE
  at cfApplication2ecfc1223778257$funcONREQUESTSTART.runFunction(C:\inetpub\wwwroot\ CMSUAT\Application.cfc:500)
  TEMPLATE
  C:\inetpub\wwwroot\CMSUAT\Application.cfc
  TYPE
  CFML
  Type
  java.lang.NullPointerException
  Detail
  An exception occurred while invoking an event handler method from Application.cfc. The method name is: onRequestStart.
  Message
  Event handler exception.
  RootCause
  struct
  Message
  [empty string]
  StackTrace
  java.lang.NullPointerException at  java.util.Hashtable.put(Hashtable.java:542) at  coldfusion.runtime.SecurityScopeTracker.setSecurity(SecurityScopeTracker.java:2  35) at  coldfusion.runtime.SecurityScopeTracker.getSecurity(SecurityScopeTracker.java:1  24) at  coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:172)  at  cfApplication2ecfc1223778257$funcONREQUESTSTART._factor14(C:\inetpub\wwwroot\CM  SUAT\Application.cfc:560) at  cfApplication2ecfc1223778257$funcONREQUESTSTART.runFunction(C:\inetpub\wwwroot\  CMSUAT\Application.cfc:500) at  coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472) at  coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368  ) at  coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55)  at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321) at  coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220) at  coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:655) at  coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:444) at  coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:414) at  coldfusion.runtime.AppEventInvoker.invoke(AppEventInvoker.java:108) at  coldfusion.runtime.AppEventInvoker.onRequestStart(AppEventInvoker.java:278)  at  coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:417)  at  coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)  at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)  at coldfusion.filter.PathFilter.invoke(PathFilter.java:112) at  coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at  coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFil  ter.java:28) at  coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at  coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:58) at  coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at  coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at  coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at  coldfusion.CfmServlet.service(CfmServlet.java:219) at  coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)  at  org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil  terChain.java:305) at  org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain  .java:210) at  coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilt  er.java:42) at  coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)  at  org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil  terChain.java:243) at  org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain  .java:210) at  org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:  224) at  org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:  169) at  org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.ja  va:472) at  org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)  at  org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)  at  org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928)  at  org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:11  8) at  org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:414)  at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:204) at   org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractPr  otocol.java:539) at  org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298  ) at  java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)  at  java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)  at java.lang.Thread.run(Thread.java:722)
  Suppressed
  array [empty]
  TagContext
  array
  1
  struct
  COLUMN
  0
  ID
  CFAUTHENTICATE
  LINE
  560
  RAW_TRACE
  at cfApplication2ecfc1223778257$funcONREQUESTSTART._factor14(C:\inetpub\wwwroot\CM SUAT\Application.cfc:560)
  TEMPLATE
  C:\inetpub\wwwroot\CMSUAT\Application.cfc
  TYPE
  CFML
  2
  struct
  COLUMN
  0
  ID
  CF_APPLICATION
  LINE
  500
  RAW_TRACE
  at cfApplication2ecfc1223778257$funcONREQUESTSTART.runFunction(C:\inetpub\wwwroot\ CMSUAT\Application.cfc:500)
  TEMPLATE
  C:\inetpub\wwwroot\CMSUAT\Application.cfc
  TYPE
  CFML
  Type
  java.lang.NullPointerException
  StackTrace
  coldfusion.runtime.EventHandlerException: Event handler exception. at  coldfusion.runtime.AppEventInvoker.onRequestStart(AppEventInvoker.java:286)  at  coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:417)  at  coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)  at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)  at coldfusion.filter.PathFilter.invoke(PathFilter.java:112) at  coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at  coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFil  ter.java:28) at  coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at  coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:58) at  coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at  coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at  coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at  coldfusion.CfmServlet.service(CfmServlet.java:219) at  coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)  at  org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil  terChain.java:305) at  org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain  .java:210) at  coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilt  er.java:42) at  coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)  at  org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil  terChain.java:243) at  org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain  .java:210) at  org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:  224) at  org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:  169) at  org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.ja  va:472) at  org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)  at  org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)  at  org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928)  at  org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:11  8) at  org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:414)  at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:204) at   org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractPr  otocol.java:539) at  org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298  ) at  java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)  at  java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)  at java.lang.Thread.run(Thread.java:722) Caused by:  java.lang.NullPointerException at  java.util.Hashtable.put(Hashtable.java:542) at  coldfusion.runtime.SecurityScopeTracker.setSecurity(SecurityScopeTracker.java:2  35) at  coldfusion.runtime.SecurityScopeTracker.getSecurity(SecurityScopeTracker.java:1  24) at  coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:172)  at  cfApplication2ecfc1223778257$funcONREQUESTSTART._factor14(C:\inetpub\wwwroot\CM  SUAT\Application.cfc:560) at  cfApplication2ecfc1223778257$funcONREQUESTSTART.runFunction(C:\inetpub\wwwroot\  CMSUAT\Application.cfc:500) at  coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472) at  coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368  ) at  coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55)  at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321) at  coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220) at  coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:655) at  coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:444) at  coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:414) at  coldfusion.runtime.AppEventInvoker.invoke(AppEventInvoker.java:108) at  coldfusion.runtime.AppEventInvoker.onRequestStart(AppEventInvoker.java:278)  ... 33 more
  Suppressed
  array [empty]
  TagContext
  array
  1
  struct
  COLUMN
  0
  ID
  CFAUTHENTICATE
  LINE
  560
  RAW_TRACE
  at cfApplication2ecfc1223778257$funcONREQUESTSTART._factor14(C:\inetpub\wwwroot\CM SUAT\Application.cfc:560)
  TEMPLATE
  C:\inetpub\wwwroot\CMSUAT\Application.cfc
  TYPE
  CFML
  2
  struct
  COLUMN
  0
  ID
  CF_APPLICATION
  LINE
  500
  RAW_TRACE
  at cfApplication2ecfc1223778257$funcONREQUESTSTART.runFunction(C:\inetpub\wwwroot\ CMSUAT\Application.cfc:500)
  TEMPLATE
  C:\inetpub\wwwroot\CMSUAT\Application.cfc
  TYPE
  CFML
  Type
  Expression
  name
  onRequestStart

  One of my customers just started experiencing this as well. I am just getting into trying to resolve the issue.  I will report back here as soon as I have something to report.  In the meantime, has anyone made any progress?
  Below is the exception received:
  09/22/2014 08:25 PM.
  null null
  The error occurred on line 280.
  java.lang.NullPointerException at java.util.Hashtable.put(Hashtable.java:542) at coldfusion.runtime.SecurityScopeTracker.setSecurity(SecurityScopeTracker.java:235) at coldfusion.runtime.SecurityScopeTracker.getSecurity(SecurityScopeTracker.java:124) at coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:172) at cfApplication2ecfc1495732981$funcONREQUESTSTART._factor11(D:\somefolder\Application.cfc:2 80) at cfApplication2ecfc1495732981$funcONREQUESTSTART.runFunction(D:\somefolder\Application.cfc :266) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:655) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:444) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:414) at coldfusion.runtime.AppEventInvoker.invoke(AppEventInvoker.java:108) at coldfusion.runtime.AppEventInvoker.onRequestStart(AppEventInvoker.java:278) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:417) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:112) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:58) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:219) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 ) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at sun.reflect.GeneratedMethodAccessor53.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.intergral.fusionreactor.j2ee.filterchain.WrappedFilterChain.doFilter(WrappedFilterCha in.java:97) at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doNext(FusionReactorR equestHandler.java:472) at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doHttpServletRequest( FusionReactorRequestHandler.java:312) at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doFusionRequest(Fusio nReactorRequestHandler.java:192) at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.handle(FusionReactorR equestHandler.java:507) at com.intergral.fusionreactor.j2ee.filter.FusionReactorCoreFilter.doFilter(FusionReactorCor eFilter.java:36) at sun.reflect.GeneratedMethodAccessor52.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.intergral.fusionreactor.j2ee.filterchain.WrappedFilterChain.doFilter(WrappedFilterCha in.java:79) at sun.reflect.GeneratedMethodAccessor51.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.intergral.fusionreactor.agent.filter.FusionReactorStaticFilter.doFilter(FusionReactor StaticFilter.java:53) at com.intergral.fusionreactor.agent.pointcuts.NewFilterChainPointCut$1.invoke(NewFilterChai nPointCut.java:41) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:414) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:204) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.jav a:539) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:722)

• CF11 : cflogin doesn't "stuck" after session/login timeout

  Hi,
  Since migrating from CFMX7 to CF11 we are experiencing some weird failure with cflogin (using session or cookie storage).
  Basically when we log-in on the application after a session/client timeout the first login doesn't last for longer than the login submit request.
  The second login however is OK
  I made a very simple application.cfc/index.cfm with short timeouts to check this:
  <cfcomponent
  output="false"
  hint="I define the application settings and event handlers.">
          <!--- Define the application settings. --->
          <cfset this.name = hash( getCurrentTemplatePath() ) />
          <cfset this.applicationTimeout = createTimeSpan( 0, 0, 10, 0 ) />
          <cfset this.sessionTimeout = createTimeSpan( 0, 0, 0, 10 ) />
          <!--- Set up the application. --->
          <cfset THIS.SessionManagement = true />
          <cfset THIS.ClientManagement = true />
          <cfset THIS.SetClientCookies = true />
          <cfset THIS.loginStorage = "Session" />
          <cfset THIS.clientStorage = "sidys" />
          <!--- Define the request settings. --->
          <cfsetting showdebugoutput="false" />
          <cffunction
                  name="OnRequestStart"
                  access="public"
                  returntype="boolean"
                  output="true"
                  hint="Fires at first part of page processing.">
                  <!--- Define arguments. --->
                  <cfargument
                  name="TargetPage"
                  type="string"
                  required="true"
                  />
                  <cfset SetLocale("fr_FR") />
                  <cfif IsDefined("Form.logout") or IsDefined("URL.logout")>
                          <cflogout />
                  </cfif>
                  <cflogin idletimeout="20">
                          <cfdump var="#Session#">
                          <cfinclude template="form.inc" />
  <cfif not isDefined("cflogin") or (cflogin.name IS "" OR cflogin.password IS "")>
          <cfoutput>
                  <form method="post">
                  <b>login :</b>
                  <input type="text" name="j_username" size="24" class="champ" />
                  <b>passwordnbsp;:</b>
                  <input type="password" name="j_password" size="15" class="champ" />
                  <input type="submit" value="Login" class="button" name="submit" />
                  </form>
          </cfoutput>
          <cfabort>
  <cfelse>
          <cflock timeout="10" scope="Session" type="exclusive">
                  <cfloginuser name="#cflogin.name#" Password="#cflogin.password#" roles="role">
                  <cfset Session.id=cflogin.name />
          </cflock>
  </cfif>
                  </cflogin>
                  <cfdump var="#Session#">
                  <cfif GetAuthUser() NEQ "">
                          <cfoutput>
                                  <form method="Post">
                                  <input type="submit" Name="Logout" value="Logout">
                                  </form>
                          </cfoutput>
                  </cfif>
                   <cfreturn true />
          </cffunction>
  </cfcomponent>

  I created a directory and copied your code to it. The exception was that I set THIS.ClientManagement to false and commented out the lines <cfset THIS.clientStorage = "sidys" /> and <cfinclude template="form.inc" />.
  The code worked as expected. The files I used in the test are shown below.
  index.cfm
  We are in index.cfm<br>
  <cfdump var="#session#">
  Application.cfc
  <cfcomponent>
  <!--- Define the application settings. --->
  <cfset this.name = hash(getCurrentTemplatePath()) />
  <cfset this.applicationTimeout = createTimeSpan( 1, 0, 0, 0 ) />
  <cfset this.sessionTimeout = createTimeSpan( 0, 0, 0, 10 ) />
  <!--- Set up the application. --->
  <cfset THIS.SessionManagement = true />
  <cfset THIS.ClientManagement = false />
  <cfset THIS.SetClientCookies = true />
  <cfset THIS.loginStorage = "Session" />
  <!--- <cfset THIS.clientStorage = "sidys" /> --->
  <!--- Define the request settings. --->
  <cfsetting showdebugoutput="false" />
  <cffunction
                  name="OnRequestStart"
                  access="public"
                  returntype="boolean"
                  output="true"
                  hint="Fires at first part of page processing.">
                  <!--- Define arguments. --->
                  <cfargument
                  name="TargetPage"
                  type="string"
                  required="true"
                  />
                  <cfset SetLocale("fr_FR") />
                  <cfif IsDefined("Form.logout") or IsDefined("URL.logout")>
                          <cflogout />
                  </cfif>
                     <cflogin idletimeout="10">
                    <!--- <cfinclude template="form.inc" /> --->
                     <cfif isDefined("cflogin.name") AND cflogin.name IS NOT "" AND cflogin.password IS NOT "">
                           <!--- login form submitted, with username and password filled in --->
                           <cfloginuser name="#cflogin.name#" Password="#cflogin.password#" roles="role">
                           <cfset Session.id=cflogin.name />
                    <cfelseif getAuthUser() IS "">
                            <!--- User not yet logged in --->
                            <cfinclude template="loginForm.cfm">
                            <cfabort>
                   </cfif>
                  </cflogin>
          <cfif getAuthUser() NEQ "">
              <cfinclude template="logoutForm.cfm">
              <!--- <cfabort> --->
          </cfif>
      <cfreturn true />
      </cffunction>
  </cfcomponent>
  loginform.cfm
  <div>
  <form method="post">
  <b>login :</b>
  <input type="text" name="j_username" size="24" class="champ" />
  <b>password :</b>
  <input type="password" name="j_password" size="15" class="champ" />
  <input type="submit" value="Login" class="button" name="submit" />
  </form>
  </div>
  logoutform.cfm
  <div>
  <form method="Post">
  <input type="submit" Name="Logout" value="Logout">
  </form>
  </div>
  You will observe that, like you, I set the session and cflogin timeout to a low test value, 10 seconds. When I first opened the URL to index.cfm in the browser, the login form was duly displayed. I entered a name and password and submitted the form.
  I got the index.cfm page again. That time it had the logout button and a dump of the session scope. The dump contained an id (my username), confirming that login was still active. When I re-requested index.cfm, repeatedly in the browser, within around 4 or 5 seconds, its contents remained unchanged.  I then waited for about 15 to 20 seconds, for the login and session to time out.
  I then repeated the procedure of logging in and re-requesting index.cfm every 4 or 5 seconds. I got the same result: its contents remained unchanged. That is the expected behaviour of cflogin and session.

• CFLOGIN not maintaining cfauthrization session variable

  I have a simple CF web site where all of the .cfm is in the
  same directory. I can not use client cookies as the people I am
  writing this for have cookies turned off in IE, therefore I am
  using J2EE session variables and CFLOGIN in an application.cfm file
  (code attached) for authentication. Everything works correctly
  during login and I can see the encrypted username/password as the
  cfauthorization session variable....
  Session Variables:
  cfauthorization=Y3BkYWRtaW46cmVwb3J0ODQzOmNwZA==
  sessionid=c23059df643c42544069
  urltoken=CFID=783&CFTOKEN=91556252&jsessionid=c23059df643c42544069
  Once I try to browse to another cfm page on the site, I get
  booted back to the index.cfm login page. After some digging I
  figure out that the cfauthorization variable was blank after I
  click on the link, which as I understand it indicates that I am not
  logged in and the
  <cfif not IsDefined("cflogin")>
  <cfinclude template="index.cfm">
  <cfabort>
  code in the application.cfm sends me back to the login page.
  I have confirmed that using valid credentials causes <cfif
  cpdauth.recordcount GT "0"> to return true.
  Any idea as to why my session authorization is not being
  maintained between pages? Or if I am completely off base as to the
  reason this is happening.....and if so, what am I doing wrong.
  Thanks
  Greg

  Your login code seems to be fine. You yourself are already
  aware that you have to have a way to pass-the-baton between
  requests, to maintain a session.
  The usual way Coldfusion maintains sessions is to send CFID
  and CFTOKEN cookies to the client browser. That happens
  automatically under the hood, assuming you haven't switched
  setClientCookies off.
  For session management by means of cookies, I would use a
  cfapplication tag like
  <cfapplication name = "cpd"
  applicationTimeout = "#createTimespan(1,0,0,0)#"
  sessionManagement = "yes"
  clientManagement = "yes"
  sessionTimeout = "#createTimeSpan(0,0,20,0)#"
  setClientCookies = "true"
  scriptprotect="all"
  loginstorage="Session">
  However, all of that assumes that the client browser accepts
  cookies. Where it doesn't, the usual way to maintain sessions is to
  pass CFID and CFTOKEN values in the URL of every request. In fact,
  the function that Bluetone suggests,
  URLSessionFormat,
  makes the process efficient. It instructs Coldfusion to append CFID
  and CFTOKEN to the URL only when the client doesn't accept cookies.
  Which means Coldfusion would still be using cookies wherever
  possible. Some examples
  <a href="#URLSessionFormat('orders.cfm')#">My
  orders</a>
  <cfform method="Post"
  action="#URLSessionFormat("MyActionPage.cfm")#">
  </cfform>
  <cflocation url = "products.cfm" addToken = "yes">

• Problem with cflogin

  I am using cflogin for processing login page and use session
  variable to store info, but I have a problem that when I login to
  admin page (www.mysite.com/admin/index.cfm) It has no problem but
  when I return to my homepage (www.mysite.com/index.cfm type on
  address bar and press enter) the index.cfm page loaded but when I
  log, it does not work, when I press F5 to refresh, it's ok, I don't
  know how?
  anyone has the same problem?
  plz help me!
  thansk!

  Do members have to log-in to use the site, or do they just need to log-in to get their session registered (much like a forum browser vs forum poster)?
  If you want to login users via the <cflogin> tag, you always want to use the j_username and j_password as the form names.  ColdFusion is built in to listen to any forms passed with those variable names.  Also, the <cflogin> tag should always sit in the application.cfm/cfc page.
  Have you read the "Security CF Applications" tutorial?  That may help.  http://livedocs.adobe.com/coldfusion/8/htmldocs/appSecurity_01.html#1100022
  You can use that as a good start.  In your application page <cflogin> tag, you can define whether or not someone is logged in by using session variables and the built in function #getAuthuser()#.  If you are not logged in, getAuthUser() will return 0.  That is an easy way to tell if someone is logged into the website.

• CFLogin Not Behaving as Expected

  Hello,
  I'm creating a login system based on one in the live articles (found here: http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24 -7c30.html#WSc3ff6d0ea77859461172e0811cbec0c8f9-7fdf ) Basically, am trying to modify the files so that the Application.cfc sets variables and returns them to the loginform (if login fails) or redirects to a secured page if login succeeds.
  Here's my modified code: (I've added comments here in blue to explain my logic)
  Application.cfc
  <cfcomponent>
  <cfset This.name = "LoginAdminTool">
  <cfset This.Sessionmanagement="True">
  <cfset This.loginstorage="session">
  <cffunction name="OnRequestStart">
      <cfargument name = "request" required="true"/>
      <cfif IsDefined("Form.logout")>
          <cflogout>
      </cfif>
      <cflogin>
          <cfif NOT IsDefined("cflogin")>
              <cfinclude template="loginform.cfm">
              <cfabort>
          <cfelse>
              <cfset Session.loginErrEmptyString = "False"> This resets values of variables in the login form
              <cfset Session.loginErrInvalidString = "False"> This resets values of variables in the login form
              <cfif cflogin.name IS "" OR cflogin.password IS ""> 
                  <cfoutput>
                      <cfset Session.loginErrEmptyString = "True"> If the string is empty, set the variable to true, return to login
                      <cflocation url="loginform.cfm">
                  </cfoutput>
                  <cfabort>
              <cfelse>
                  <cfquery name="loginQuery" dataSource="myds"> If there is a  value, validate it against my db...
                  SELECT userName, userPass, userRole
                  FROM security
                  WHERE
                      userName = '#cflogin.name#'
                      AND userPass = '#cflogin.password#'
                  </cfquery>
                  <cfif loginQuery.userRole NEQ "">
                      <cfloginuser name="#cflogin.name#" Password = "#cflogin.password#" roles="#loginQuery.userRole#">
                      <cfset Session.userLoggedIn = "True"> if a result comes back, setuser logged in to true and redirect him to index.cfm
                      <cflocation url="index.cfm">
                  <cfelse>
                      <cfoutput>
                          <cfset Session.loginErrInvalidString = "True"> Otherwise login is invalid... return to form
                          <cflocation url="loginform.cfm">
                      </cfoutput>    
                      <cfabort>
                  </cfif>
              </cfif>    
          </cfif>
      </cflogin>
  </cffunction>
  </cfcomponent>
  And here is the form:
                  <cfoutput>
                  <form action="#CGI.script_name#?#CGI.query_string#" method="Post">
                  <fieldset>
                  <ul class="logIn">
                      <li><label for="userName">Username</label></li>
                      <li><input type="text" name="j_username" id="userName"></li>
                      <li><label for="userPass">Password</label></li>
                      <li><input type="password" name="j_password" id="userPass"></li>
                      <li><input type="submit" value="Log In"></li>
                  </ul>
                  </fieldset>             
                  </form>
                  </cfoutput>
              </div><!--/box_sml-->
              <div class="box">
                  <cfif Session.LoginErrEmptyString IS "True"> If the strings were empty error comes back, the page displays this error code
                      <cfoutput>
                      <h2>You must enter text in both the Username and Password fields.</h2>
                      </cfoutput>
                  <cfelse>                   
                      <cfif Session.LoginErrInvalidString IS "True"> If login is invalid, it does that
                          <cfoutput>
                          <h2>The login information entered is invalid. Please Try again.</h2>
                          </cfoutput>
                      </cfif>
                  </cfif>
                  <cfdump var="#cgi#">
                  <cfdump var="#session#">
  The problem i am having is that, even when I am logging in correctly, the Application.cfc is not redirecting to index.cfm.... does anyone know the cause of this issue? Any help would be great appreciated... I'm sure there are many ways to code my logic better, but my intent was to avoid Application.cfc dumping html tags above the include="loginform.cfm" tag as per original script. I want to create my error messages within the form page itself..

  Test by replacing <cfif loginQuery.userRole NEQ ""> with <cfif loginQuery.recordcount GT 0>

• Long List Of CFLOGIN Roles and Performance

  I have a very long list of Roles for the "roles" attribute of
  cflogin (around 60). Is this going to be a severe performance
  problem?
  Boybles

  You can try connecting to weblogic from the console and using:  listAppRoles(“obi”) and listAppRoleMembers(“obi”,”BIConsumer”). You can find more details by following this link: http://www.rittmanmead.com/2011/04/oracle-bi-ee-11g-migrating-security-policy-store-part-2/

• Is it common to use cflogin ?

  Hi, I'm using cflogin for my login/logoff actions inside my
  application.cfm(sample pasted below). There is basically only a few
  users on this app. I'm new to coldfusion so my questions are:
  1. Is this a new common practice to use cflogin?
  2. In firefox, every time I login, I see a cookie generated,
  but in IE, I don't seem to see a cookie being generated so how come
  it still works in IE, is cookie hidden?
  Thanks so much for your help,
  C
  My sample cflogin code:
  <cflogin>
  <cfif NOT IsDefined("cflogin")>
  <cfinclude template="loginform.cfm"> <cfabort>
  <cfelse>
  <cfif cflogin.name eq "admin">
  <cfset roles = "user,admin">
  .......

  1. In the future, I may have to incorporate roles into my
  login system,
  I've seen this code before, I was wondering if you had any
  comments or
  experiences on this?
  Yes it can, then you use the isUserInRole() function to
  determine get a
  boolean of whether the user is in a given role. This is one
  of the
  limitations that prompted us to role our own system. You can
  ask if a
  user is in a given role, but you can not ask, what role(s) is
  a user in.
  2. Dan, in my cflogin code in application.cfm, I don't set
  any cookie
  (not knowingly), but it still seems to work, is this a
  problem in my
  code that I have to investigate ?
  CF automatically sets the needed cookies, CFIDE/CFTOKEN
  usually. You
  only need to worry about this if you want to insure that
  these cookies
  are temporary memory cookies that expire that the closing of
  the
  browser. Otherwise they default to being permanent cookies
  with
  temporary values in them.

• Accessing CFLOGIN Vars

  Accessing CFLOGIN Vars
  I've got a basic CFLOGIN framework going to secure an application.  Everything is working fine, except after they log in I need to query a database for to pull info for each user.  I used to use session variables, set in the login script, to do this. 
  I'd like to user cflogin.name and cflogin.password to identify the correct DB record.  But the Adobe documentation says "You can use these values in the cflogin tag body to authenticate the user, and, in the cfloginuser tag, to log the user in. The structure is only available in the cflogin tag body."
  This seems like it defeats the point of using CFLOGIN, since the code between <cflogin> and </cflogin> only executes when a user IS NOT logged in. Does this mean that upon entering the correct user/pass, I have to also  set a session variable to identify the user outside of the CFLOGIN tag?  It seems redundant...
  Anyone have an explanation/solution?  Below is my query and error.
  THANKS!
            <cfquery datasource="DS" name="QName" username="username" password="password">
        SELECT *
        FROM table
        WHERE username = #cflogin.name#
      </CFQUERY>
  Error:  Element NAME is undefined in CFLOGIN.

  Accessing CFLOGIN Vars
  I've got a basic CFLOGIN framework going to secure an application.  Everything is working fine, except after they log in I need to query a database for to pull info for each user.  I used to use session variables, set in the login script, to do this. 
  I'd like to user cflogin.name and cflogin.password to identify the correct DB record.  But the Adobe documentation says "You can use these values in the cflogin tag body to authenticate the user, and, in the cfloginuser tag, to log the user in. The structure is only available in the cflogin tag body."
  This seems like it defeats the point of using CFLOGIN, since the code between <cflogin> and </cflogin> only executes when a user IS NOT logged in. Does this mean that upon entering the correct user/pass, I have to also  set a session variable to identify the user outside of the CFLOGIN tag?  It seems redundant...
  Anyone have an explanation/solution?  Below is my query and error.
  THANKS!
            <cfquery datasource="DS" name="QName" username="username" password="password">
        SELECT *
        FROM table
        WHERE username = #cflogin.name#
      </CFQUERY>
  Error:  Element NAME is undefined in CFLOGIN.

• I get the message"The product distribution file could not be verified. It may be damaged or was not signed." and cannot download mountain lion. what is the probem?

  I get the message"The product distribution file could not be verified. It may be damaged or was not signed." and cannot download mountain lion. what is the probem?

  http://blogs.picpacwrack.net/2011/11/you-need-command-line-on-mac-too.html

• Cflogin in appliction.cfc seems to not work

  I have my login code for my website (ecommerce) in the
  OnRequestStart function of my application.cfc. When this code gets
  invoked it will create my specialized session vars
  (Session.UserData) but will only populate the GetAuthUser() var for
  that one page. If i refresh that same page or do a dump of that var
  on another page the var is empty. Is this normal? How can i tell if
  the user was loggined into the application successfully? the login
  code is attached.
  Any help would be greatly appreciated.

  you should be able to output getAuthUser() and it should
  contain the current user for that session (after login) on your
  index.cfm page.
  you should wrap your entire login process inside the cflogin
  tags since what is between the tags will only get processed if the
  user is not already logged in.
  In your code above you have the cflogin tag only around the
  cfloginuser tag.
  a good example of the use of the cflogin inside the
  application.cfc can be found in the cf8 documentation. but I will
  attach the important bits here.

• Why my cflogin data isn't persistent?

  Hello everybody.
  I like to use application.cfc to solve many problems in my
  development work. I have a big mistake in my application.cfc : it
  only accept the session authorization [GetAuthUser()] one time,
  when i load other page, it miss.... I attach my OnRequestStart
  Function, an please, i don't like to use a session variable to use
  a cflogin. HELP!!!

  The presence of the line <cfreturn False> implies that
  you must this instead <cffunction name="OnRequestStart"
  returntype="boolean">. It seems you evaluate session.user.name,
  session.user.pass and session.user.rol, respectively, from
  cflogin.name, cflogin.password and retorno after a successful
  login. If so, there is a possibility that Coldfusion will never run
  the code block
  <cfif isdefined("session.user.name") and
  isdefined("session.user.pass")>
  <cfif len(session.user.name) gt 0 and
  len(session.user.pass) gt 0)>
  <cfloginuser name="#session.user.name#" Password =
  "#session.user.pass#" roles="#session.user.rol#">
  <cfelse>
  <cflocation
  url="#application.virtualpaths.approot#/login.cfm?formerror=2"
  addtoken="yes">
  </cfif>
  </cfif>
  It is within the cflogin tag, which no longer runs once
  Coldfusion logs the user in.

• CFLogin fails in Firefox 4 when trying to logout.

  I have an admin area that uses the CFLogin system that was created by the CFLogin Wizard in Dreamweaver.  I am using the simple authentication method.  Everything has been working great.  Today I noticed that when I tried to logout of the admin area using Firefox 4 it directly loads the mm_wizard_authenticate.cfc and the page is blank. The URL in the address area looks like this:
  http://www.domain.com/admin/mm_wizard_authenticate.cfc?method=logout&amp;loginType=CFlogin
  The code I use for the logout button is as follows:
  <cfform action="mm_wizard_authenticate.cfc?method=logout&loginType=CFlogin" method="Post">
  <cfinput type="image" src="/admin/images/newadmin_logout_brown2.gif" name="Logout" value="Logout" class="hoverswap">
  </cfform>
  No error thrown. Also when I look through the log files found in CF admin, nothing is logged that is related to this.
  I am able to logout correctly using Safari, IE, and even Firefox 3.6.  This is also non-platform specific.  I've tried it on my Mac and on a Windows machine, same results and is repeatable.  I've also tested this on two different instances of CF9 on different servers, same results.
  Anyone else having this issue with the cflogin system created by the CFLogin Wizard and using simple authentication?  This has been working flawlessly for over a year and the code hasn't changed.
  Running CF 9.0.1 on a Linux machine and using an Apache server.
  The cflogin was created using Dreamweaver CS4.

  You don't have to be "in" Safari for it to cancel logout.
  You have several different Applications open, and any one of them may cancel logout if conditions are just right.
  Quit the Applications you are no longer using and your Mac will run better and faster. And it will logout instead of cancelling.

• My imac is getting slower and slower and has probems connecting to internet. Any idea on how to restore initial performance? thanks

  my imac is getting slower and slower and has probems connecting to internet. Any idea on how to restore initial performance? thanks

  What year, screen size, CPU speed and amount of RAM installed?
  What version of OS X is your iMac running?
  How full is your Mac's hard drive?
  How many applications do you run simultaneously in the background while working in another application?
  Do you run any antivirus software on your Mac? Antivirus software can slow down the normal operation of OS X.
  Do you run any "crapware" like Mackeeper or any other type of so called hard drive "cleaning" apps?