Hi Tiffany,

What you need to do is check that the user is logged in on each page you
want to secure. One way to do this is to use application.cfm to check if the
user is checked in:

<cfif not isdefined("session.loggedin")> <!--- if user not logged in --->

        <!--- as this runs on every page, --->
        <!--- you'll need to check if this IS the login page --->
        <!--- so you don't get stuck in a loop --->

        <!--- CGI.Script_Name includes the path, so compare only the file name --->
        <cfif ListLast(CGI.Script_Name, "/") is not "login.cfm">
                <cflocation url="login.cfm">   <!--- go to login page! --->
        </cfif>

</cfif>
This will check to see if the user is logged in when any page in the
application directory is called...

Another way is to create a file to include just at the top of pages you
want to secure..
################ asecurepage.cfm ###############

<cfinclude template="IsSecure.cfm">

a secure page !!!!

############## isSecure.cfm #################


<cfif not IsDefined("session.UserID")>
        <cflocation url="login.cfm">
</cfif>
##############  login.cfm       #################

<cfif goodpassword>
        <!--- you just create a session for this user; cf creates 2 variables
        to track this user, cfid & cftoken; the cf server takes care of this
        for you --->
        <cfset session.userID = x> <!--- x is a placeholder --->
</cfif>


################################


So if someone goes to www.yoursite.com/asecurepage.cfm, the IsSecure.cfm
template will look for the cfid & cftoken, to figure out what user this is;
if they are logged in (and haven't timed out) they can view the page
otherwise they are directed to logon.cfm

As far as cookies are concerned, you can choose to use them or not, but if
you don't, you have to pass Session.UrlToken (which contains cfid & cftoken)
from page to page via the URL to keep state; otherwise the cfid & cftoken
are set as cookies.

Hope that helps :-)

~ Justin MacCarthy
~ Irish CF Head 

you said>
>username and password against the database and sending them to a page
>once they have successfully logged in. The thing is, how do you make it
>so someone can't just copy the URL they were sent to when they logged in
>and paste in a browser window and have it pop up?  Cookies right?
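
An added example, not part of the original post: a fuller Application.cfm for the first approach above. It enables session management (which the session scope needs), exempts the login page, and redirects with addtoken="No" so cfid & cftoken stay in cookies instead of the URL. The application name, the 20-minute timeout and the publicPages list are assumptions, and it assumes every template sits in the same directory as login.cfm.

```cfml
<!--- Application.cfm: ColdFusion runs this before every template in the directory --->

<!--- Assumed name and timeout; sessionmanagement must be on for session.* to exist --->
<cfapplication name="secureDemo"
               sessionmanagement="Yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 20, 0)#"
               setclientcookies="Yes">

<!--- Assumed list of templates that stay reachable without a login --->
<cfset publicPages = "login.cfm">

<!--- CGI.SCRIPT_NAME carries the path (e.g. /app/login.cfm); keep the file name only.
      ListFind is case-sensitive, so normalise to lower case first. --->
<cfset thisPage = LCase(ListLast(CGI.SCRIPT_NAME, "/"))>

<cfif ListFind(publicPages, thisPage) is 0>

        <!--- Read the session scope under a read-only lock --->
        <cflock scope="session" type="readonly" timeout="10">
                <cfset loggedIn = IsDefined("session.userID")>
        </cflock>

        <cfif not loggedIn>
                <!--- addtoken="No" keeps cfid & cftoken out of the redirect URL,
                      so they do not end up in logs, bookmarks or pasted links --->
                <cflocation url="login.cfm" addtoken="No">
        </cfif>

</cfif>
```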

