Restrict Access to Login Pages?
Jason,
I thought I had all the login pages setup correctly with the appropriate webpage opening after logging in from specific login pages.
Now after reading your last post I get the impression I'm supposed to restrict access to "Login" pages. Is that correct?
Among the many new Server Behaviors created by SecurityAssist for the SecurityAssist-generated "Login" page, there are 2 entries for "SecurityAssist Authenticate User."
The 1st "SecurityAssist Authenticate User":
-Trigger: any form post
-If log in succeeds, go to: home.php?loggedIn=1
-If log in fails, go to: login.php?failedLogin=1
The 2nd "SecurityAssist Authenticate User":
-Trigger: ((isset($_SESSION["SecurityAssist_UserID"]) && $_SESSION["SecurityAssist_UserID"] != "")?"LoggedIn":"") == "")&&(((isset($_COOKIE["AutoLoginUN"]))?$_COOKIE["AutoLoginUN"]:"") != "")&&(((isset($_COOKIE["AutoLoginPWD"]))?$_COOKIE["AutoLoginPWD"]:"")
-If log in succeeds, go to: "nothing is defined in this field"
-If log in fails, go to: "nothing is defined in this field"
Do I still need to add a "Restrict Access" behavior to this "Login" page?
Do I need to modify the 2 "SecurityAssist Authenticate User" Server behaviors?
Thanks,
Robert
