Speck CMS - A simple content management system for ColdFusion

you are here: home > documentation > users and security > user sessions

• Getting Started
  • Speck Concepts
  • System Requirements
  • Installing
  • Upgrading
  • Hello Speck!
  • Articles
  • Caching
• Sample Application
  • Installing
  • Displaying Content
  • Managing Content
• Application Configuration
  • Settings
  • Keywords
  • Globalization
  • UI Customisation
• Building Applications
  • Application Initialisation
  • Creating Content Pages
  • Creating Content Types
  • Built-in Content Types
  • Built-in Property Types
  • Event Handlers
  • Context Sensitive Help
• Users and Security
  • Security Files
  • User Sessions
  • Access Control
  • Password Encryption
  • Reserved Roles
• Optimising Performance
  • Output Caching
  • Query Caching
  • Unnecessary Processing
  • Database Performance

User Sessions

Speck sessions are managed within cf_spApp. If no speck session exists, it populates session.speck with default values. If it detects a logon attempt, it looks for a matching username and password in the security zones for the application, and if a match is found changes the session.speck.auth variable to "logon" and updates the values of some other variables, like the user's fullname and email address, in the session.speck structure. The session.speck structure is copied to request.speck.session for every request. You can use this structure in request scope to check if a user has authenticated, what groups they are a member of and so on.

Logging In

To allow your users to log on and manage content, you need to post a form containing two fields, spLogonUser and spLogonPassword. It doesn't matter what the action for the form is, once it's a template in the same Speck application because the cf_spApp tag takes care of processing spLogonUser and spLogonPassword form values and creating sessions.

If cf_spApp attempts to process a logon and the process fails (if the user is unknown or password is incorrect), the variable request.speck.failedLogon is created and set to true. You can use this variable to inform your users when their logon attempt fails. Failed logons are also logged in the log file for the application, and the log file will contain both the username and password submitted.

A simple example form is distributed with Speck and can be found in /speck/www/login.cfm. The Hello Speck application provides an example of how this template can be used, with the application name passed as a url parameter. If you copy the file into the www directory for your application, you won't need to pass the application name.

Logging Out

cf_spApp will check for an spLogout form variable and if found, will log the current user out, resetting the variables in session.speck to their default values. If you want to log a user out without submitting a form, you can create a logout script that just deletes the speck key from the session structure.

The Speck toolbar

A user session is useless for managing content unless the cf_spToolbar tag is called during the request. This tag creates a toolbar for managing content appropriate for the user and the application. The sydneyjabiru example application calls this tag in its header module, the helloworld example application just calls it in the Application.cfm, after cf_spApp. The ideal place to call the cf_spToolbar tag will vary from application to application, but in most cases calling it immediately following the <body> HTML tag will be appropriate.