Another option, if you're using App.cfm (rather than App.cfc) in your admin:
admin/Application.cfm:
<cfapplication
name="yourAdmin"
sessionmanagement="true"
sessiontimeout="#CreateTimeSpan(0, 0, 15, 0)#"
>
<cfparam name="SESSION.loggedIn" default="false">
admin/index.cfm:
<cfif NOT SESSION.loggedIn>
<!--- Show login form here --->
<!--- Post to a page and if DB checks out, set SESSION.loggedIn to true --->
<cfelse>
Welcome message
</cfif>
admin/secure-page.cfm (and all other protected pages):
<cfinclude template="login-check.cfm">
Secret content here
admin/login-check.cfm:
<cfif NOT SESSION.loggedIn>
<cflocation url="index.cfm" addtoken="false">
</cfif>
Include login-check.cfm in all pages you want to be secured.
This is just one way of many to do this sort of thing. Give it a bash, see
how it works out for you.
Adrian
> -----Original Message-----
> From: J.B. Mentzer [mailto:[email protected]]
> Sent: 13 March 2009 07:05
> To: cf-newbie
> Subject: Re: Securing an Admin area?
>
>
> Could you elaborate on Role Management? Would that be a value
> (SuperUser | Admin | Dork) assigned to the variable "Role"?
>
> Is including a template the same as redirecting the user? I'd like the
> session to expire after 15 minutes of inactivity, too ... how best to do
> that?
>
> Thanks,
>
> * JB *
>
> Knut Bewersdorff wrote:
> > Hi,
> >
> > if you use login with a "role" management, you can place something
> > like this AT THE TOP OF EACH PAGE, which should be protected:
> >
> > <cfif NOT IsUserInRole("Admin")>
> > <cfinclude template="NoRightsForThis.cfm">
> > <cfabort>
> > </cfif>
> >
> > Best regards
> > Knut Bewersdorff
> >
> > ----- Original Message -----
> > From: J.B. Mentzer
> > To: cf-newbie
> > Sent: Friday, March 13, 2009 4:53 AM
> > Subject: Securing an Admin area?
> >
> >
> >
> > Hi all,
> >
> > One of my client sites carries repair parts. I've created an Admin
> > section, so he can make his own adds, edits and deletions from the
> > catalog.
> >
> > The database is MySQL, and the actual queries are in Custom Tags. I
> > have a login page, but need help with controlling session variables to
> > enforce use of the login page to access the Admin area.
> >
> > The login page requires a UserID & PW, which are matched against columns
> > in a Users table. What type of variable should I set for users with good
> > credentials? Should I put a test for this variable in the Admin's
> > Application.cfm?
> >
> > Thank you!
> >
> > * JB *
> >
> > JB Mentzer
Archive:
http://www.houseoffusion.com/groups/cf-newbie/message.cfm/messageid:4446