> <cfif not IsDefined("LoggedIn")> <!--- this logic added to --->
This line is getting triggered on every page load, so when it redirects and reloads the page it's getting triggered again in an endless cycle. You'll need to add logic to tell it not to redirect when you're actually loading the login page: <cfif not IsDefined("LoggedIn") and cgi.script_name is not "/login.cfm"> <!--- this logic added to ---> Adjust that as needed and it should stop redirecting when you're viewing the login page. Having said that, there are a number of other issues with this code (login protection is only running in the onApplicationStart method so would only be run on the very first request to the app, for one). There's a SQL injection vulnerability in there, variable scoping issues (e.g. as written someone could pass ?loggedin=1 on the url and it would bypass this. I understand you're learning but would recommend finding a different login example to work with as this one is going to lead you places you really don't want to go. -Justin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353861 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm