Re: Application security structure

ksuh Thu, 27 Mar 2003 10:59:28 -0800

You need to check to see if the user is being redirected to that page.  If they are, 
then they should skip the authentication.


<cfif not isDefined("session.Auth") and listLast(cgi.path_info, "/") neq "int.cfm">

----- Original Message -----
From: John Stanley <[EMAIL PROTECTED]>
Date: Thursday, March 27, 2003 11:39 am
Subject: Application security structure

> Running CFMX
> 
> Okay, this is a very basic question for alot of you, but one that 
> gives me
> pause everytime it comes up.
> 
> I am developing a large application-level web site that will house 
> severalsmaller applications inside of it. I am using application 
> and user-groups
> defined roles for each user to limit their access to whatever I 
> want them to
> see. This all works great.
> 
> Here is my problem:
> 1. The appliation.cfm loads with every page request.
> 2. If there is no Session.Auth structure, it makes one.
> 3. The session scope for the application tag in my application.cfm 
> is set to
> timeout after 20 minutes.
> 4. If the browser has had no activity for the prescribed length of 
> time, the
> user on the next page request should be prompted to log in again.
> 5. I cannot figuire out how to redirect the user by using code on the
> application.cfm to do this. Sort of like the following:
> 
> <cfif not isdefined("session.Auth")>
>       <cfset session.Auth = structNew()>
>       <cfset session.Auth.UserID = "0">
>       <cfset session.Auth.LoginAttempts = "0">
>       <cfset session.Auth.AppList = "">
> <cfelse>
>       <cfif session.Auth.UserID eq "0">
>               <script>
>                    document.location="int.cfm"
>               </script>
>       </cfif>
> </cfif>
> 
> This should be very easy, but I just cant get my head around it. I 
> keepgetting the million-page-loading problem.
> 
> Any thoughts.
> 
> :-)
> 
> John
> 
> 
> 
> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com

                                Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Application security structure

Reply via email to