If you use the more standard type of CF security, all files in the
directory where the application.cfm and the security files are located
will not run if the user is not logged in. If you have a page that you
wish anyone to be able to view (people not logged in),
then you must place it in a directory outside of the secured directory
and use no session variables within that page. This assumes that the
data you are displaying
is for public consumption, otherwise, you must force a login, where the
session variables are defined.
Forrest C. Gilmore
===============================
On 3/5/2010 5:53 PM, Tom McNeer wrote:
Hi Moises,
In general, what you want to do is this: as a request is being
processed (perhaps within the OnRequest method of Application.cfc, or
elsewhere if you're using a framework), you need to check to see if
the user is logged in, probably by checking for existence of some
session variable. So instead of getting an error saying the variable
is undefined, you do <cfif NOT isDefined("session.whatever")>.
If the person is not logged in, then you need to grab the URL string
that s/he was trying to access and redirect the user to the login
page, including the original URL in some manner. I've sometimes
created a POST action to the login page, so that the string comes into
the login page as a form variable, say "form.intendedURL."
You send that information along with the login. If the login is
successful, you can then redirect the user to the intended page,
because you know the URL or queryString values.
I realize that's a general response, but you need to build around your
application's architecture.
--
Thanks,
Tom
Tom McNeer
MediumCool
http://www.mediumcool.com
1735 Johnson Road NE
Atlanta, GA 30306
404.589.0560
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------