on 3/17/03 11:53 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
> Correct, although I normally recommend using self-posting forms. It
> makes updates _much_ easier.
Self posting forms, like the type that DreamweaverMX makes?
>> Once the user successfully logs in:
>> Place a line of code on each page in that "protected"
>> directory that will check for the existence of session.logged
>> in, if not present, redirect to the index page of the root,
>> which has a link to the login popup.
>
> Ack! No. Again, look at my code. Notice how I use cfabort. This is what
> you would need to do. It is MUCH better to protect all files in
> application.cfm then add a check to each file. It is too easy to forget
> a file that way.
Ahh, so I'd use Application.cfm in the root to SET session variables, and an
application.cfm in the lower directory to CHECK for and manage those session
variables that are passed from application.cfm from above?
>> This being safe because, as long as no other pages in the
>> site are checking for the existence of "session.loggedin"
>> they should display just fine.
>
> Or just don't do that. Check for getAuthUser()
In that lower Application.cfm? The one that will manage the sessions and
logins for that lower, protected directory?
I think I'm starting to "see" it now.
>> Well, that subdirectory will be further broken down by
>> "roles" (if I understand roles correctly) so that a user will
>> only be able to access subdirectories if their roles match,
>> and if they don't they'll see an error message.
>
> Ah, then I'd use an application.cfm in each subfolder. Make it cfinclude
> the parent application.cfm. Then do a simple, if(isUserInRole("foo")) to
> protect the folder.
Is this because, when a page is requested, once it FINDS an application.cfm
it stops ALL "looking for an application.cfm"? So you place an
application.cfm in the lower, individual directories and INCLUDE the
Application.cfm from "above"? (in the root of the "protected" directory)?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Signup for the Fusion Authority news alert and keep up with the latest news in
ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
