Thanks for your help - The simple solution was to just move the login page and Cfcheck under the admin folder - everything works.
One question though, to kill the session vars, when someone clicks a logout link I redirect them to this code, then pass them to another template: <CFLOCK TIMEOUT="30" THROWONTIMEOUT="No" NAME="#SESSION.Auth#" TYPE="EXCLUSIVE"> <CFSET StructClear(SESSION)> </CFLOCK> <CFLOCATION URL="somepage.cfm"> Doesn't seem to work though - using the browser back button, I can go back to the "secured" area. What am I doing wrong? Thanks, Mark -----Original Message----- From: Justin Scott [mailto:[EMAIL PROTECTED]] Sent: Friday, April 12, 2002 7:15 AM To: CF-Talk Subject: Re: Security Access > Thus, the problem, can a Session, which is created in the Cfcheck.cfm > template be passed intact to another page, which is controlled by a > different application.cfm. Are you using the CFAPPLICATION tag in the nested Application.cfm files? If so, that will cause CF to look at a different set of session variables for that (logical) application. Simply having another Application.cfm file further down in the tree should not cause the session variables from "higher" pages to not be seen. Also check to make sure the proper cookies are being assigned and/or the tokens being passed on the URL. -Justin Scott, Lead Developer Sceiron Internet Services, Inc. http://www.sceiron.com ______________________________________________________________________ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
