Yeah, I hate to say it but.... Your problem is that you are relying on Javascript as your security. Anybody an tell their browser to ignore your security, thus they will not get redirected to the login page.
You need to either use cflocation to redirect them to your login page or a cfinclude of the login page followed by cfabort. Ideally, this login check code is in your application.cfm or Application.cfc. These changes will prevent this kind on unwanted access as they will occur on the server side processing rather than on the client side processing. =] -- Alan Rother Adobe Certified Advanced ColdFusion MX 7 Developer Manager, Phoenix Cold Fusion User Group, AZCFUG.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319539 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
