Custom authentication (additional power)
In this section, we will look at a customized way to handle authentication that gives us all the core features we need along with some additional enhancements. We are going to create a CFC for the user and nest the logic inside the user object for authentication. We will instantiate the user class as a session-based object. We will also take this logic and wrap it into Application.cfc so that it becomes portable and easier to implement in our programs. In the end, we will have more function and flexibility than the native authentication permission-handling system. Following is the code for the session start of Application.cfc:
<cffunction name="onSessionStart" output="false">
<cfscript>
// create default session stat structure and pre-request values
session._stat.started = now();
session._stat.thisHit = now();
session._stat.hits = 0;
// at start of each session update count for application stat
application._stat...
