1) I know that cfcontent has no knowledge of the login status of the user.

2) I stated that I am checking the user's IP address as my "login check"
against a database of allowed IPs.  This is done in application.cfm and
works fine for any pages that are not using cfcontent to serve up the
content.

3) On a whim, I tried to put the authentication script that resides in
application.cfm around the cfcontent call, and the same thing happened.
(See #4)

4) Jochem, what is supposed to happen if they don't have an allowed IP is
that a JavaScript alert is displayed; then, when they click "OK", they are
redirected to the index page of the main site.  What is/was happening is
they were just being allowed to see the Word doc as if they were IP
authenticated (i.e., a "member" of the site).

5) Ben was onto something when he suggested the cfflush route, and this is
what I've used to "fix" the system.  My code looks like this, in case
anyone's interested:

in application.cfm (pseudocode, since I'm at home right now and don't have
the access to the server at the moment.)

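<!--- Pseudocode: the cfquery still needs a datasource attribute. --->
<cfquery name="qry_ck_IP">
SELECT IP
FROM IP_LCK
WHERE user_IP = <cfqueryparam value="#IP#" cfsqltype="cf_sql_varchar">
</cfquery>

<cfif qry_ck_IP.RecordCount EQ 0>
   <script type="text/javascript">
       alert("You are not allowed be here.  Get out");
   </script>
   <!--- cfflush sends the output buffered so far to the client --->
   <cfflush>
</cfif>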

in doc_server.cfm (again, pseudocode)

<cfif NOT isDefined("URL.file")>
   <cflocation url="index.cfm">
</cfif>

<!--- The file name comes straight from the query string (URL.file) --->
<cfcontent type="application/msword" file="#ExpandPath(URL.file)#" deletefile="no">

This seems to work.  Taking out the cfflush "breaks" my authentication
scheme.

Ray

On 8/18/06, Casey Dougall <[EMAIL PROTECTED]> wrote:
>
> I don't think cfcontent or any tag for that matter knows if a user is
> logged in. Regardless if the application.cfm you need to specifically
> wrap code around cfdocument to ensure the person is logged in or whatever
> before you run it.
>
> As an example, you can run a cfinclude and it will bypass
> application.cfm and call up any page you want to include, why would
> cfcontent be any different?
>
> Casey
>
> On 8/18/06, Jochem van Dieten <[EMAIL PROTECTED]> wrote:
> >
> > Ray Champagne wrote:
> > > I have a directory that is "protected" by a script that checks the
> > > user's IP against the database in Application.cfm.  If the user is
> > > there, they are allowed "in".
> >
> > What happens when the user is not in there?
> >
> > Jochem
> >
> >
>
> 
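
A hardened doc_server.cfm for the setup discussed in this thread, as an added example that is not code from any of the posters: it repeats the IP check on the page that calls cfcontent, ends the request with cfabort when the check fails rather than relying on a client-side alert, and restricts URL.file to a bare .doc name before building the path. The datasource name site_dsn and the protected_docs directory are assumptions; the table and column names follow the pseudocode above.

```cfml
<!--- doc_server.cfm (added example; site_dsn and protected_docs are assumed names) --->

<!--- 1. Authorise this request on the server, using the address the server saw. --->
<cfquery name="qry_ck_IP" datasource="site_dsn">
    SELECT IP
    FROM IP_LCK
    WHERE user_IP = <cfqueryparam value="#CGI.REMOTE_ADDR#" cfsqltype="cf_sql_varchar">
</cfquery>

<cfif qry_ck_IP.RecordCount EQ 0>
    <!--- Deny and stop: cfabort ends the request, so cfcontent is never reached. --->
    <cfheader statuscode="403" statustext="Forbidden">
    <cfoutput>Access denied.</cfoutput>
    <cfabort>
</cfif>

<!--- 2. Require the file parameter (cflocation ends processing of this page). --->
<cfif NOT StructKeyExists(URL, "file")>
    <cflocation url="index.cfm" addtoken="no">
</cfif>

<!--- 3. Accept only a bare document name: no slashes, no "..", .doc extension only. --->
<cfif NOT REFind("^[A-Za-z0-9_-]+\.doc$", URL.file)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid file name.</cfoutput>
    <cfabort>
</cfif>

<!--- 4. Resolve the name inside the one directory that holds the documents. --->
<cfset docPath = ExpandPath("protected_docs/" & URL.file)>
<cfif NOT FileExists(docPath)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfoutput>No such document.</cfoutput>
    <cfabort>
</cfif>

<!--- 5. Only now hand the file to the client. --->
<cfcontent type="application/msword" file="#docPath#" deletefile="no">
```

A request for doc_server.cfm?file=../Application.cfm is rejected at step 3 with a 400, and a request from an address not listed in IP_LCK gets a 403 before any file path is built.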

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250378