How to end a session after logout in ColdFusion

Time: 2019-04-11 12:29:29

Tags: coldfusion cfml cfc

I am using CFML for my application. I need help with developing the logout so that it destroys the session. Right now the logout link calls the login page, but when the "Back" button is clicked in the browser the user is still logged in.

<!--- LoginForm.cfm --->

<!--- Handle the logout --->

<cfif structKeyExists(URL,'logout')>
    <cfset createObject("component",'authenticationService').doLogout() />
</cfif>
<!--- Form processing begins here --->
<cfif structKeyExists(form,'submitLogin')>
    <!--- Create an instance of the authentication service component --->
    <cfset authenticationService=createObject("component",'authenticationService') />
    <!--- Server side data validation --->
    <cfset aErrorMessages=authenticationService.validateUser(form.userEmail,form.userPassword) />
    <cfif ArrayIsEmpty(aErrorMessages)>
        <!--- Proceed to the login procedure --->
        <cfset isUserLoggedIn=authenticationService.doLogin(form.userEmail,form.userPassword) />
    </cfif>
</cfif>
<!--- Form processing ends here --->
<cfform>
    <fieldset>
    <legend>Login</legend>
    <cfif structKeyExists(variables,'aErrorMessages') AND NOT ArrayIsEmpty(aErrorMessages)>
        <cfoutput>
        <cfloop array="#aErrorMessages#" index="message">
            <p>#message#</p>
        </cfloop>
        </cfoutput>
    </cfif>
    <cfif structKeyExists(variables,'isUserLoggedIn') AND isUserLoggedIn EQ false>
        <p class="errorMessage">User not found. Please try again!</p>
    </cfif>
    <cfif structKeyExists(session,'stLoggedInUser')>
        <!--- display a welcome message --->
        <p><cfoutput>Welcome #session.stLoggedInUser.userFirstName#</cfoutput></p>
        <p><a href='#'>My profile</a> <a href="LoginForm.cfm?logout">Logout</a></p>
    <cfelse>
        <dl>
        <dt>
            <label for="userEmail">Email address</label>
        </dt>
        <dd>
            <cfinput type="email" name="userEmail" id="userEmail" required="true" />
        </dd>
        <dt>
            <label for="userPassword">Password</label>
        </dt>
        <dd>
            <cfinput type="password" name="userPassword" id="userPassword" required="true" />
        </dd>
        </dl>
        <cfinput type="submit" name="submitLogin" value="Login" />
    </cfif>
    <!--- the fieldset is opened before the cfif, so it must be closed in both branches --->
    </fieldset>
</cfform>
<cfdump var="#session#">


<!--- authenticationService.cfc --->
<cfcomponent>
    <cffunction name="validateUser" access="public" output="false" returntype="array">
        <cfargument name="userEmail" type="string" required="true" />
        <cfargument name="userPassword" type="string" required="true" />
        <cfset var aErrorMessages=ArrayNew(1) />
        <!--- Validate the email --->
        <cfif NOT isValid('email',arguments.userEmail)>
            <cfset arrayAppend(aErrorMessages,'Please, provide a valid email address') />
        </cfif>
        <!--- Validate the password --->
        <cfif arguments.userPassword EQ ''>
            <cfset arrayAppend(aErrorMessages,'Please, provide a password') />
        </cfif>
        <cfreturn aErrorMessages />
    </cffunction>
    <!--- doLogin() Method --->
    <cffunction name="doLogin" access="public" output="false" returntype="boolean">
        <cfargument name="userEmail" type="string" required="true" />
        <cfargument name="userPassword" type="string" required="true" />
        <!--- local variables: declared once with var at the top of the function --->
        <cfset var isUserLoggedIn=false />
        <cfset var getInfo="" />
        <!--- get the user data from the database; read the arguments rather than the
              form scope, and bind the values with cfqueryparam so user input can never
              change the SQL itself --->
        <cfquery datasource="myapp" name="getInfo">
            select * from Info
            where emailid = <cfqueryparam value="#arguments.userEmail#" cfsqltype="cf_sql_varchar" />
              and password = <cfqueryparam value="#arguments.userPassword#" cfsqltype="cf_sql_varchar" />
        </cfquery>
        <!--- Check that the query returns one and only one user --->
        <cfif getInfo.recordcount EQ 1>
            <!--- log the user in --->
            <cflogin>
                <cfloginuser name="#getInfo.username#" password="#getInfo.password#" roles="#getInfo.role#" />
            </cflogin>
            <!--- save user data in the session scope --->
            <cfset session.stLoggedInUser={'userFirstName'=getInfo.username} />
            <!--- flip the flag; no second var declaration here --->
            <cfset isUserLoggedIn=true />
        </cfif>
        <!--- return the isUserLoggedIn variable --->
        <cfreturn isUserLoggedIn />
    </cffunction>
    <!--- doLogout() Method --->
    <cffunction name="doLogout" access="public" output="false" returntype="void">
        <!--- delete the user from the session scope --->
        <cfset structDelete(session,'stLoggedInUser') />
        <!--- log the user out of cflogin --->
        <cflogout />
    </cffunction>
</cfcomponent>

1 answer:

Answer 0 (score: 0)

Regarding the back button after logout, the scenario is that someone can log out and walk away from the computer without closing the browser or locking it. Anyone else can then go back to the browser and hit Back to see the data they had been viewing before logging out.

We solved this for a financial application by implementing a Pragma: no-cache header on every page request. This forces the request for the page to be reloaded from the server rather than just loading what is in the browser cache. This means the back button will request the previous URL from the server, which will check the session and take you to the login page you were sent to on logout.

It will throw off some users who are used to navigating your site in a certain way, but it will make it more secure.
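The following Application.cfc is an added example, not code from the question or the answer, showing both halves of the fix described above: no-cache headers on every request so that Back re-fetches the page from the server, and a logout that actually ends the server-side session rather than only deleting one key. The application name `myapp`, the public page `LoginForm.cfm` and the session key `stLoggedInUser` are taken from the question; `sessionInvalidate()` requires ColdFusion 10 or later.

```cfml
<!--- Application.cfc (added example; assumes the session key and page names from the question) --->
<cfcomponent output="false">
    <cfset this.name = "myapp" />
    <cfset this.sessionManagement = true />
    <cfset this.sessionTimeout = createTimeSpan(0, 0, 30, 0) />
    <!--- keep cflogin state in the session so cflogout and sessionInvalidate() clear it together --->
    <cfset this.loginStorage = "session" />

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true" />

        <!--- 1. Never let the browser or a proxy serve this response from cache.
              Pragma: no-cache is the HTTP/1.0 form; Cache-Control is what modern
              browsers honour, so send both plus an already-expired Expires. --->
        <cfheader name="Cache-Control" value="no-store, no-cache, must-revalidate, private" />
        <cfheader name="Pragma" value="no-cache" />
        <cfheader name="Expires" value="0" />

        <!--- 2. Central logout: clear cflogin, wipe the session, invalidate it on the
              server, expire the session cookies and redirect with a fresh response. --->
        <cfif structKeyExists(url, "logout")>
            <cflogout />
            <cfset structClear(session) />
            <cfset sessionInvalidate() />
            <cfcookie name="CFID" value="" expires="now" />
            <cfcookie name="CFTOKEN" value="" expires="now" />
            <cflocation url="LoginForm.cfm" addtoken="false" />
        </cfif>

        <!--- 3. Every page except the login page requires a logged-in user. Because
              nothing is cached, pressing Back after logout lands here and redirects. --->
        <cfset var publicPages = "LoginForm.cfm" />
        <cfset var pageName = listLast(arguments.targetPage, "/") />
        <cfif NOT listFindNoCase(publicPages, pageName)
              AND NOT structKeyExists(session, "stLoggedInUser")>
            <cflocation url="LoginForm.cfm" addtoken="false" />
        </cfif>

        <cfreturn true />
    </cffunction>
</cfcomponent>
```

With this in place the `?logout` branch in LoginForm.cfm becomes redundant: the logout is handled before any page runs, the old session is gone on the server (so a replayed CFID/CFTOKEN cookie is useless), and the redirect means the page the user lands on after logout carries no-cache headers of its own.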