Personally I stay away from session variables, preferring client variables
for stability reasons and you don't have to write additional logic to take
care of session timeouts, but your solution looks fine to me.

One solution to the cfabort problem is to put your html footer in an include
and do a <cfexit method="EXITTEMPLATE"> on error. It works great if you are
working in a head.cfm/content.cfm/foot.cfm type structure... When CF sees
this tag, it aborts the current template only, but continues to the
next...

jon
----- Original Message -----
From: "Jeff Brown" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, May 23, 2002 11:07 AM
Subject: page security using <cfabort>


> I am planning on adding role based page level security to my application by
> adding this chunk of code to every page:
>
> <body>
> <cfif ListFindNoCase("AllowedRole1,AllowedRole2,AllowedRole3",
> #session.user_role#, ",") EQ 0>
> You are not authorized to view this page. <cfabort>
> </cfif>
>
> .. [page content] ...
>
> </body>
>
> Session.user_role is set when the user logs in to the app.  Is this a fairly
> standard way to do it?  Certain pages should not be viewable by certain
> roles, can anyone think of an instance where a user could get past this?
> TIA.
>
> v/r,
> Jeff
> 
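
Added example, not part of the original thread: the per-page role check from the quoted message, moved into one reusable include that runs before any page output and fails closed when session.user_role is missing (for example after a session timeout). The file names requireRole.cfm and somepage.cfm and the variables allowedRoles and userRole are assumptions for illustration.

```cfml
<!--- ===== requireRole.cfm (hypothetical include, added example) ===== --->
<!--- The calling page sets allowedRoles before including this file.     --->
<!--- If it forgets to, the default is an empty list, so nobody gets in. --->
<cfparam name="allowedRoles" type="string" default="">

<!--- Fail closed: an undefined or empty role is treated as "no access"  --->
<!--- instead of raising an undefined-variable error on the page.        --->
<cfset userRole = "">
<cfif IsDefined("session.user_role")>
    <cfset userRole = Trim(session.user_role)>
</cfif>

<cfif Len(userRole) EQ 0 OR ListFindNoCase(allowedRoles, userRole, ",") EQ 0>
    <!--- Send a real 403 so logs and monitoring can see the denial. --->
    <cfheader statuscode="403" statustext="Forbidden">
    <cfoutput>You are not authorized to view this page.</cfoutput>
    <!--- Stop the whole request; no protected content is ever rendered. --->
    <cfabort>
</cfif>

<!--- ===== somepage.cfm (hypothetical protected page) ===== --->
<!--- The check is the first thing on the page, ahead of <body>, so an   --->
<!--- unauthorized request never reaches markup or queries further down. --->
<cfset allowedRoles = "AllowedRole1,AllowedRole2,AllowedRole3">
<cfinclude template="requireRole.cfm">
<html>
<body>
    <!--- page content for authorized roles only --->
</body>
</html>
```

Keeping the check in a single include means a change to the denial logic is made once rather than on every page, and a page that omits the allowedRoles assignment denies everyone instead of admitting everyone.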