Re: [ACFUG Discuss] Session variables

Fri, 05 Mar 2010 16:47:29 -0800

If you use the more standard type of CF security, all files in the directory where the application.cfm and the security files are located will not run if the user is not logged in. If you have a page that you wish anyone to be able to view (people not logged in), then you must place it in a directory outside of the secured directory and use no session variables within that page. This assumes that the data you are displaying is for public consumption, otherwise, you must force a login, where the session variables are defined. 

Forrest C. Gilmore
===============================
On 3/5/2010 5:53 PM, Tom McNeer wrote:

Hi Moises,
In general, what you want to do is this: as a request is being processed (perhaps within the OnRequest method of Application.cfc, or elsewhere if you're using a framework), you need to check to see if the user is logged in, probably by checking for existence of some session variable. So instead of getting an error saying the variable is undefined, you do <cfif NOT isDefined("session.whatever")>.
If the person is not logged in, then you need to grab the URL string that s/he was trying to access and redirect the user to the login page, including the original URL in some manner. I've sometimes created a POST action to the login page, so that the string comes into the login page as a form variable, say "form.intendedURL."
You send that information along with the login. If the login is successful, you can then redirect the user to the intended page, because you know the URL or queryString values.
I realize that's a general response, but you need to build around your application's architecture. 


--
Thanks,

Tom

Tom McNeer
MediumCool
http://www.mediumcool.com
1735 Johnson Road NE
Atlanta, GA 30306
404.589.0560





-------------------------------------------------------------
To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------

Reply via email to