> 1. Login.cfm will reside in the root and will take username
> and password 2. Login_process will ALSO reside in the root,
> and if the user successfully logs in, it sets a session,
> <cfset session.LoggedIn=1> refreshes the parent window, then
Correct, although I normally recommend using self-posting forms. It
makes updates _much_ easier.
> closes itself. 3. If not a success, then that page stays up
> and gives the user the opportunity to try again, or close the window.
>
> Once the user successfully logs in:
> Place a line of code on each page in that "protected"
> directory that will check for the existence of session.logged
> in, if not present, redirect to the index page of the root,
> which has a link to the login popup.
Ack! No. Again, look at my code. Notice how I use cfabort. This is what
you would need to do. It is MUCH better to protect all files in
application.cfm then add a check to each file. It is too easy to forget
a file that way.
> This being safe because, as long as no other pages in the
> site are checking for the existence of "session.loggedin"
> they should display just fine.
Or just don't do that. Check for getAuthUser()
> > See above. Did you notice how my code looked for form variables to
> > detect a login? There is no reason why your code couldn't
> do that. I'd
> > have the popup simply output JavaScript code to 'push' the parent
> > window to /lower, where /lower is the subdirectory of
> protected files.
> > Note - you don't really need to use a whole other subdirectory. You
> > could write your Application.cfm code so that the popups load.
>
> Well, that subdirectory will be further broken down by
> "roles" (if I understand roles correctly) so that a user will
> only be able to access subdirectories if their roles match,
> and if they don't they'll see an error message.
Ah, then I'd use an application.cfm in each subfolder. Make it cfinclude
the parent application.cfm. Then do a simple, if(isUserInRole("foo")) to
protect the folder.
=======================================================================
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
Member of Team Macromedia
Email : [EMAIL PROTECTED]
Blog : www.camdenfamily.com/morpheus/blog
Yahoo IM : morpheus
"My ally is the Force, and a powerful ally it is." - Yoda
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
