I think I have the findNoCase arguments mixed up :P. Switch them. If you are using CF 7+ then application.cfc should be available to use.
-Pat On Mon, Oct 19, 2009 at 3:21 PM, Patrick Santora <[email protected]> wrote: > Alan's right. Coldfusion sits on top of the directories, so you can head > the user off at the pass before showing off anything that may be within that > folder. In your case you may want to consider trapping whether or not the > user has access by pushing in some security logic into the onRequestStart > method that should be available through application.cfc (assuming you are > using application.cfc and your version of CF can handle it). There you can > do something like this (not tested): > > Reference to application.cfc example: > http://www.bennadel.com/blog/726-ColdFusion-Application-cfc-Tutorial-And-Application-cfc-Reference.htm > > <!--- if you do not have the variable set or you are not logged in and you > are attempting to access the secured directory then abort ---> > <cfif NOT isDefined( "session.loggedIn" ) OR NOT session.loggedIn AND > findNoCase( arguments.targetPath, "{directory}" )> > <cfabort /> > </cfif> > > I'm sure there are other ways, but something like this should work fine and > you would only need one application scope. > > -Pat > > > On Mon, Oct 19, 2009 at 3:01 PM, Alan Rother <[email protected]>wrote: > >> >> Why are you using so many application.cfm files? You really only need one, >> from what you've described. >> >> On Mon, Oct 19, 2009 at 2:34 PM, Brian Bradley <[email protected]> wrote: >> >> > >> > In the one off of the root - I name it login_app and it has a session >> > variable named loggedIn. In the contact folder (for example) the name >> of >> > that application is contact_app and it is looking for the loggedIn >> variable. >> > If loggedIn exists, it lets the user access the pages in that >> directory, if >> > it does not, it will redirect them to the logon page. I am getting that >> > loggedIn cannot be defined since it isn't technically part of the >> > contact_app application. I can still pull the value up in the contact >> > folder from a file just not from the application file. I thought that >> the >> > directory structure plays a role and I can use variables as long as it >> goes >> > from the root through the subdirectories, but I guess I am wrong. I >> just am >> > hoping to avoid cookies if possible. Thanks. >> > >> > >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327343 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
