OK, I understand that. But, in my case, I'm redirecting via cflocation
(even though I forgot that part in my code), so in my eyes, I'm taking care
of that even if I'm not showing the user why they are being redirected. I
know that's not the most user-friendly way of doing things, but it works
until we rewrite the app in a few months.
Thanks for clarifying what I assumed was going on here. It helps.
Ray
On 8/19/06, James Holmes <[EMAIL PROTECTED]> wrote:
>
> Of course. Without the cfflush, the JS bit and any other content
> you've written is reset by the CFCONTENT tag.
>
> Never rely on JS or any other browser output to secure your apps. All
> security should be server-side.
>
> On 8/20/06, Crow T. Robot <[EMAIL PROTECTED]> wrote:
>
> >
> > <cfquery name="qry_ck_IP">
> > SELECT IP
> > FROM IP_LCK
> > WHERE user_IP = #IP#
> > </cfquery>
> >
> > <cfif qry_ck_IP.RecordCount EQ 0>
> > <javascript>
> > alert("You are not allowed be here. Get out");
> > </javascript>
> > <cfflush>
> > </cfif>
> >
> > in doc_server.cfm (again, pseudocode)
> >
> > <cfif NOT isDefined("URL.file")>
> > <cflocation URL = "index.cfm">
> > </cfif>
> >
> > <cfcontent type="application/msword" file="#ExpandPath(file)#"
> > deletefile="no">
> >
> > This seems to work. Taking out the cfflush "breaks" my authentication
> > scheme.
>
>
> --
> CFAJAX docs and other useful articles:
> http://www.bifrost.com.au/blog/
>
>
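
A server-side version of the check discussed in this thread, as an added example that is not code from either poster: the request is authorized and redirected before any output, so nothing depends on `cfflush` or on JavaScript reaching the browser. The datasource name `myDSN`, the `docs/` directory, the `.doc`-only file-name pattern and the use of `CGI.REMOTE_ADDR` as the client IP are assumptions; the table and column names are taken from the pseudocode above.

```cfml
<!--- doc_server.cfm (added example; myDSN, docs/ and CGI.REMOTE_ADDR are assumptions) --->
<cfset docRoot = GetDirectoryFromPath(GetCurrentTemplatePath()) & "docs/">

<!--- 1. Require the parameter. cflocation stops processing of the page after
         sending the redirect, so nothing below it runs for this request. --->
<cfif NOT StructKeyExists(URL, "file") OR NOT Len(Trim(URL.file))>
    <cflocation url="index.cfm" addtoken="no">
</cfif>

<!--- 2. Authorize on the server. cfqueryparam binds the value as a parameter
         instead of concatenating it into the SQL text. --->
<cfquery name="qry_ck_IP" datasource="myDSN">
    SELECT IP
    FROM IP_LCK
    WHERE user_IP = <cfqueryparam value="#CGI.REMOTE_ADDR#" cfsqltype="cf_sql_varchar" maxlength="45">
</cfquery>

<cfif qry_ck_IP.RecordCount EQ 0>
    <!--- Not on the list: redirect here, before any file content is sent. --->
    <cflocation url="index.cfm" addtoken="no">
</cfif>

<!--- 3. Reduce the request to a bare file name and allow-list its shape, so
         "../" sequences or absolute paths cannot point outside docRoot. --->
<cfset safeName = GetFileFromPath(Replace(URL.file, "\", "/", "all"))>
<cfset fullPath = docRoot & safeName>

<cfif NOT REFindNoCase("^[a-z0-9_-]+\.doc$", safeName) OR NOT FileExists(fullPath)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- 4. Only an authorized request for an existing, allow-listed file gets here. --->
<cfheader name="Content-Disposition" value="attachment; filename=""#safeName#""">
<cfcontent type="application/msword" file="#fullPath#" deletefile="no">
```
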
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250382