I'm new to ColdFusion and I have just read this thread saying that there are lots of reasons not to use cflogin:
Why don't people use <CFLOGIN>?
What should I use instead of CFlogin?
Thanks
Most developers roll their own login implementation. It usually starts with a username/password check against salted and hashed records in a database. If the credentials provided authenticate, a user object (CFC or struct) is then put into the session scope or built and stored in the database with an expiration date/timestamp and then retrieved on every request. The user object would contain a lot more information than the simple “roles” list that cflogin provides. It could contain layers of security (authorization) information, along with commonly used values like a first name, last name, and email address.
One advantage to cflogin that wasn’t discussed in the referenced thread is that cflogin also works with the new web sockets functionality in ColdFusion 10. Most of the time, though, cflogin is quite limited and doesn’t meet the needs of more complex applications.
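A sketch of the roll-your-own flow described in the answer above, added here as an example and not code from the thread or from Adobe: a salted-hash check, a user struct placed in the session scope with an expiry, and a per-request check. The component name, field names, iteration count and session lifetime are constructed for illustration, and PBKDF2 via `generatePBKDFKey()` (ColdFusion 11+) is one choice of salted hash; the answer does not name an algorithm.

```cfml
// AuthService.cfc (hypothetical name); sessionManagement must be enabled in Application.cfc.
component {
    variables.ITERATIONS = 100000;   // constructed work factor
    variables.SESSION_MINUTES = 30;  // constructed session lifetime

    // Salted hash of a password: PBKDF2 with a per-user salt (generatePBKDFKey needs ColdFusion 11+).
    public string function derive(required string password, required string salt) {
        return generatePBKDFKey("PBKDF2WithHmacSHA256", arguments.password, arguments.salt, variables.ITERATIONS, 256);
    }

    // Constant-time comparison, so timing does not show how much of the hash matched.
    private boolean function sameHash(required string a, required string b) {
        return createObject("java", "java.security.MessageDigest")
            .isEqual(charsetDecode(arguments.a, "utf-8"), charsetDecode(arguments.b, "utf-8"));
    }

    // userRecord: the row loaded for the submitted username, or an empty struct if none exists.
    public boolean function login(required struct userRecord, required string password) {
        var found = structKeyExists(arguments.userRecord, "passwordHash");
        // Unknown user: still derive a hash so both paths do the same work.
        var salt = found ? arguments.userRecord.salt : "no-such-user";
        var stored = found ? arguments.userRecord.passwordHash : "";
        if (!sameHash(derive(arguments.password, salt), stored)) {
            return false;
        }
        sessionRotate(); // fresh session id after authentication (ColdFusion 10+)
        session.user = {
            id = arguments.userRecord.id,
            firstName = arguments.userRecord.firstName,
            email = arguments.userRecord.email,
            permissions = arguments.userRecord.permissions, // array, e.g. ["reports.view"]
            expiresAt = dateAdd("n", variables.SESSION_MINUTES, now())
        };
        return true;
    }

    // Call on every request, e.g. from onRequestStart() in Application.cfc.
    public boolean function isLoggedIn() {
        if (!structKeyExists(session, "user") || dateCompare(now(), session.user.expiresAt) >= 0) {
            structDelete(session, "user");
            return false;
        }
        return true;
    }

    // Authorization check against the permissions stored on the user object.
    public boolean function can(required string permission) {
        return isLoggedIn() && arrayFindNoCase(session.user.permissions, arguments.permission) > 0;
    }
}
```

The caller loads the user row with a parameterized query and passes it to `login()`; `derive()` is also what produces the `passwordHash` value stored at registration.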