Detect Login Attempts

Ask a Question related to Coldfusion - Advanced Techniques, Design and Development.

  1. stallionmvp #1

    Default Detect Login Attempts

    Hi All,
    I am trying to think of a technique to lock the user out say 5-10 minutes if
    that user failed to authenticate three times consecutively within a minute. I
    am thinking of implement using session variables only, and not using the sql
    server tables. If anyone can post their good working approach to this, that
    would be great. Thanks in advance.

    stallionmvp Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. What does CF do when a second user attempts a doublelogin?
      One user is logged in. What does the Coldfusion server do when a second user attempts to login, using the first user's login credentials? Please...
    2. how to track where user attempts login
      I have an admin equivalent account that I recently had to change the password for due to a change in personnel. The admin account now gets locked...
    3. transaction aborts on alternate identical attempts
      Hi I have a page that uploads an xml file and reads it into a SQL database. The page is transactional and aborts if there are any anomalies in...
    4. How to detect Windows 2kXP/NT user login
      I have a problem with embeded font. However my problem is solved by replacing all text/field embeded font to the system font. But, if user login as...
    5. fail login attempts
      Hi ,i want to configure my ssh daemon on my Linux server to limit fail login attempts ,I know that i can configure sshd to disconnect after some...
  2. Pete Thomas #2

    Default Re: Detect Login Attempts

    If you really want to tie this down then a session based approach would not
    really provide an answer as a new session could be easily created by a
    perpetrator by either deleting their cookie or with the use of a robot client.
    (ie CFHTTP). If you don't want to work with the database then APPLICATION
    scope is the place to put your logic. I guess you would have to create some
    kind of lookup including a user account identifier, failed count, timestamp of
    the failure and timestamp of last attempt, and do a check before allowing a
    login and a reset on a success.

    Pete Thomas Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139