Developing A Login System For A Flex Application With A ColdFusion and Database Backend Part 1


At work, I'm developing a Flex intranet company newsletter application. One of the first parts of the application is a login for users. To document what I'm learning as I design this application, I'm starting a series of blog entries on creating a Flex application that uses a login system tied to a database backend to authenticate a user before showing the user the main application. I will start from scratch and post a series of articles on how I designed this login system.

To understand these blog entries you should be familiar with structured query language (SQL), ColdFusion MX, ColdFusion Components, Flex 2.0, and Flex Builder. My backend database for development is SQL Server 2005 Express and I use SQL Server Studio Managerment Express for database design and testing (both are free from Microsoft).

The main application for my personal testing is called Geek Newsletter. Since we are just concerned with building a login system for the main application, we don't need to worry about what the Geek Newsletter application will actually do. Please note my Geek Newsletter term should not be confused with any existing Geek News or Geek Newsletter applications, websites, etc.

Login Use Cases

I'm going to start with two very simple use cases.

A. User visits the application and the login screen loads. User is already a member. User enters user name and password correctly. User information is validated by comparing user information to information stored in a database. User supplied information matches what is found in the database. User is shown the main application.

B. User visits the application and the login screen loads. User is not already a member. User clicks on the join button. Login form changes to a registration form. User enters registration information correctly. User's information is stored in the database successfully. Registration form changes back to login form. User proceeds as in case A.

Business Rules

1. Database will store the following information about each member: userName, password, firstName, lastName, and email.

2. Every userName and email address must be unique.

3. Everyone must login to access the main application

4. Users who are not yet members may join by successfully completing a registration form that collects the information specified in business rule 1

Design Part 1 - Building the Backend

(Note: You can download all the code and SQL scripts. Unzip the files into a directory under your web root if you want to use the CFCs and test CF templates.)

Once I have a couple of simple use cases and business rules to work with, I like to start my design with developing and testing the backend. Based on the uses cases and business rules known so far, I've determined that I just need one table in my database. So in SQL Server Studio Management Express, I created a new database named GeekNewsDB. In that database, I created a new table called member. Below is the create table SQL (which is also part of the code download for this tutorial).

Create the Member table in database

A database named GeekNewsDB must have been already


USE GeekNewsDB

drop table Member;

create table Member (

memID integer IDENTITY(1,1) primary key,
memUserName varchar(40) not null,
memPassword varchar(40) not null,
memEmail varchar(200) not null,
memFirstName varchar(50) not null,
memLastName varchar(50) not null,

CONSTRAINT memUserNameCon UNIQUE(memUserName),
CONSTRAINT memEmailCon UNIQUE(memEmail)


Notice that the primary key for table Member is memID and will be automatically populated by SQL Server. Also note that I've stated each column cannot be null and that the memUserName and memEmail must be unique. I am trying to get the database to help enforce some of the business rules noted above.

After creating the table, I wrote some SQL scripts to test constraints. That SQL file is part of the zip download.

To connect to the GeekNewsDB, you'll need to create a Data Source Name and connect it to the SQL Server 2005 GeekNewsDB database. I used GeekNews as my data source name. If you use a different name, you'll need to change the TestMemberDao.cfm file.

Next I created a Member.cfc, a MemberDAO.cfc, and a MemberService.cfc. These CFCs are standard ColdFusion practices to work with data stored in a table. You should note that my MemberDAO.cfc uses CFTransaction and throws exceptions if the database operations (Create, Read, Update, Delete) are not successfully completed. The files TestMember.cfm, TestMemberDAO.cfm, TestMemberService.cfm test these CFCs and also provide examples of how you could handle the exceptions thrown by the MemberDAO.cfc.

After passing the tests, I have some confidence that my backend design is working. I can now proceed to the initial design of the Flex front end, which will be the next tutorial.

(Note: you may be wondering why I did not provide a MemberGateway.cfc. Since we are not yet concerned with collections of Member objects I decided a MemberGateway.cfc was not needed.)

Please feel free to post comments about my code and design approach. If you've got some good ideas about improving what I'm doing please post and provide links to some other similar examples.

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
i think that is going to be a great user login system but i don't understand how is the system linked to the application it self.
# Posted By rehan | 5/22/07 9:37 AM
Rehan - keep reading there are five more entries in this series. After you finish them, post any questions.
# Posted By Bruce | 5/22/07 5:10 PM

I understand the concept of using cfthrow. But I can't get it to work unless I turn on "Enable Robust Exception Information" in the cf admin panel.

This will then display information to users that I don't want them to see.

Is there a work around for this ?
# Posted By Ken caldwell | 7/24/07 10:12 PM
Ken - you don't need to enable robust exception information in CF Admin to use CFThrow.

Research exception handling in the CF Developer's Guide (online at

When I get some time I'll post a quick tutorial on using cftry, cfcatch, and cfthrow
# Posted By Bruce | 7/30/07 9:16 AM

I have tried everything I can think of. But I can't get it to work with Flex.
Even your tutorial app does not work.

Note that this works in cold fusion but not in flex.
That is if I create a coldfusion page to call the cfc the custom error is displayed in the browser, but I can't get the custom error to display in flex.

I will look forward to your tutorial when you can get around to it.
# Posted By Ken Caldwell | 8/16/07 4:47 PM
Ken - Have you downloaded and tested the code I provide in part 2 of this tutorial? See the link to part 2 above.
Download that code, make sure you have that database and data source set correctly. Then run the test CFM files. Then try the Flex app. Let me know how that code works for you.
# Posted By Bruce | 8/17/07 9:00 AM
Hi Bruce,
I was very pleased to find your tutorial on developing a login System.
I am using the same configuration as in the tutorial.
The database portion went smoothly then I ran into problems which I am sure are a result of my ignorance of Coldfusion and Flex.

My original application was created using the Coldfusion wizards for Flex.
I googled for a few hours trying to learn how to test the CFC's you included in the tutorial with no least nothing that made sense to me.

I know I can connect to the GeekNewsDB through Coldfusion as I tested it by creating a simple application using the Flex Coldfusion wizards.

I know this is asking alot but is there any way you can dumk it down abit for me.

Thanks for your help

# Posted By Blair | 8/26/07 12:41 PM

I'm not sure what part you're stuck on, but the tutorial assumes the reader knows how to use ColdFusion and Flex. If you're new to ColdFusion and/or Flex 2 check out the documentation for available at Adobe publishes free developer guides for both technologies.
# Posted By Blair | 8/27/07 9:49 AM
Hi Bruce,

Ta da... I've gotten everything working and it works GREAT!
Thank you so much for the time and effort you have put into this tutorial.

Now for the biggest newb question of them all. Now that I have everything working in your tutorial how do I impliment it within my own existing Flex project?
# Posted By Blair | 8/31/07 10:27 AM
Hi Bruce,
thank you so much for this great tutorial.

How did you generate the cfcs?
I have build the components with the coldfusion 8 Wizard.
They are looking different! Did you use another Wizard-Tool or a handmade Template?

Greetings from Cologne/Germany

# Posted By Uwe Schmitt | 2/13/08 1:53 PM
I probably built the CFCs manually. I usually don't use any of the CFC generating wizards.
# Posted By Bruce | 2/13/08 2:57 PM
Looking at Member.cfc you have double exclusive locks with the same name when calling the init() method. Each mutator method has a nexclusive lock and the mutators are called inside a lock by init(). Obviously it works (running TestMember.cfm confirms) but I was under the impression that an exclusive lock has to be released before the next lock can be set. So I am wondering why this works, and is it correct?
# Posted By Johan | 2/15/08 9:17 PM
Johan - I believe since the name value is the same for both cflock tags (the one in the init and the one in the setXXX) that a new lock is not needed when executing the set method when the set method is called from the init method.
# Posted By Bruce | 2/16/08 12:26 PM
Thanks Bruce - so are you saying that since the lock name is the same ColdFusion knows not to create the second lock when calling setXXX from init()? I was not aware of that - nice.

So put another way when init() is called only 1 lock is created even though init() calls a number of setXXX(0 methods with the same lock name.

Sorry did not mean to turn this into a CF discussion.
# Posted By Johan | 2/17/08 12:39 PM
Hi! Can i use Microsoft Access for the database?
# Posted By Mas | 6/1/08 11:30 PM
Hi! I tried to open this project in Flex Builder but it doesn't seems to work correctly. It can run and but i couldn't login. It shows the error message. So i guess that I'm not connected to the database or i put the file wrongly. Please help!
# Posted By Mas | 6/4/08 1:59 AM
thank you so much for this great tutorial.
# Posted By timpanee | 6/16/08 2:23 AM
You can use any database but the scripts will not for Access - just make the database and tables directly in Access.
# Posted By Johan | 9/10/08 6:37 PM
Thanks for the tutorial, I haven't made it all the way through but I'm typing the .cfc's by hand from your code and have notice a lot of things I wouldn't have done myself and wondering why. Hopefully you can shed some light on the matter...

You create an Member Object and then most of the MemberDAO.cfc uses the Object but then the DELETE function takes an integer as an argument and not the Member Object... why?

Also the database has Unique MemberID yet you test and count the query ROWCOUNTs via Coldfusion -- When would your db ever return more than one MemberID if your db has Unique ID's?

Cheers and thanks for keeping this tutorial alive.
# Posted By Truce | 8/19/09 8:47 PM
is it necessary to use DAO Architecture in coldfusion to build flex based application
# Posted By saim | 8/29/14 6:41 AM
BlogCFC was created by Raymond Camden. This blog is running version Contact Blog Owner