on 3/8/01 9:47 PM, Hubert Earl at [EMAIL PROTECTED] wrote:
> I have an admin page which can be accessed thru a login page. However, as
> it now stands, if someone were to learn bookmark that page, he or she could
> return to it via the bookmark, rather than via the login page. How can I
> ensure that someone could only access the admin page via the login page?
You can set up a very simple security either using cookies or a session
variable after the member successfully logs in. If everyone has the same
password you can have something like this on the page that the login form
points to:
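<!--- Wrong password: send the visitor back to the login form --->
<cfif FORM.Password IS NOT "letMeIn">
<cflocation url="login.cfm">
<cfelse>
<!--- Correct password: set the cookie, then redirect on the client side --->
<cfcookie name="login" value="yes">
<script>
window.location = "admin/index.cfm"
</script>
</cfif>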
The reason for the script tag is that you can't set a cookie while you use
cflocation.
Have the login template and the action template outside the directory where
the application.cfm page that will test for the existence of the cookie or
session variable is, otherwise you would get a loop going.
In the application.cfm page you can test for the existence of the cookie or
session variable and if it does not exist send them back to the login page
with <cflocation> something like:
<cfif NOT IsDefined("COOKIE.Login")>
<cflocation url="../login.cfm">
</cfif>
You can do the same with a session variable. If you don't want to use the
application.cfm page you just have the above cookie test on every page that
you want secured.
If everyone uses the same password to get in it's easy. If different
passwords are required you need to set up a database or have a text file
that you can look for password matches.
Sebastian
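
The session-variable variant mentioned in the reply, as an added example that is not part of the original post: the flag is held in server-side session scope, so it exists only after the action page has checked the password, whereas a `login=yes` cookie is a value the browser supplies. The application name `adminDemo`, the file name `login_action.cfm` and the `SESSION.isAdmin` key are assumptions, and `login.cfm` is assumed to declare the same `<cfapplication>` so the session cookies already exist when the form is posted.

```cfml
<!--- ===== login_action.cfm (outside /admin; hypothetical file name) ===== --->
<cfapplication name="adminDemo" sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0,0,20,0)#">

<!--- Assumption: one shared password, as in the post. --->
<cfset expectedPassword = "letMeIn">

<!--- Compare() is case-sensitive; IS / IS NOT ignore case in CFML. --->
<cfif IsDefined("FORM.Password") AND Compare(FORM.Password, expectedPassword) EQ 0>
    <cflock scope="session" type="exclusive" timeout="10">
        <cfset SESSION.isAdmin = true>
    </cflock>
    <!--- Session data is stored on the server, so cflocation is safe here. --->
    <cflocation url="admin/index.cfm" addtoken="no">
<cfelse>
    <cflocation url="login.cfm" addtoken="no">
</cfif>


<!--- ===== admin/Application.cfm (runs before every template in /admin) ===== --->
<cfapplication name="adminDemo" sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0,0,20,0)#">

<cfset loggedIn = false>
<cflock scope="session" type="readonly" timeout="10">
    <cfif IsDefined("SESSION.isAdmin") AND SESSION.isAdmin IS true>
        <cfset loggedIn = true>
    </cfif>
</cflock>

<!--- A bookmarked admin URL without a logged-in session lands back on the form. --->
<cfif NOT loggedIn>
    <cflocation url="../login.cfm" addtoken="no">
</cfif>
```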