You need to sign in to do that
Don't have an account?
Login/Session Validation -- visualforce component
Hello SF people out there!
So I've got a situation:
I'm building a site where users can register and login and do stuff. I would like to create a system that when the user logs in, it sets a cookie and when he jumps from page to page, it does a verification of the user's session. I thought about doing this using a visualforce component and putting it in every page; basically, the users logs in, creates the session and every page he goes the component has an action to perform the verification. And I would onky have to code this once, rather than doing this for every controller of every page.
1st -- I would like to know if this is a good approach? Or if there are other/better ways to do this?
2nd -- Can I call this verification function (from the component controller) on page load and then send it to login page if it's doesn't verify? I tryed using actionFuntion but it seems it's not calling the function, I have nothing in log.
Anyone who has some insight in this... please.
Thank you.
If I recall correctly, you can't legally build your own authentication system, it's not allowed by the terms and conditions of using Sites. Instead, you can purchase
High Volume Portal Licenses (or whatever they're called these days)Authenciated Website User licenses. This gives you the ability to have your visitors register against your accounts/contacts in salesforce, manage their passwords, enable sharing and security, and even disable them individually. It also gives you the same standard session management that you'd expect with regular users; session timeout is automatically handled for you, expired logins are automatically redirected to your Site's login page, and they can reset their own passwords through the Site. In short, the answer to the first question is, no, it's not a good approach, because there's a standard mechanism to do this, and the answer to the second question is that you don't need to write any components at all if you leverage the standard system functions. The last I heard, this feature ran at about $1500/year for many licenses (80,000?), but you should contact sales to be sure. As a developer, you can also probably request a few demo licenses for testing purposes only.Hello,
Well if you have a service, implemented in salesforce and this service has users (not SF users!), you can't have a login page for these? Imagine you have a site built in SF and you manage users for that site.
Thanks for the reply.
eclf
Hello,
I understand what you're saying completely; I thought about it myself, secutiry is always a big issue. The information we keep about the "pseudo-users" is reduced to a minimum; the site is public for everyone, just some things are disclosed only to the ones that are subscribed to our service. And they, just like you exemplified, don't have much access to salesforce, except what's in the site.
I thing I got around solving my situation in another way, but nevertheless, I would like to thank you for your insight and for the time you spent in posting. It's always good to learn more from fellow SFers. I appreciate it.
eclf