Hi 

I've been working on exactly the same thing recently and wondered if I could
enquire a little further here.


> 
> What you need to do is check that the user is logged in on each page you
> want to secure. One way to do this is the application.cfm to check if the
> user is checked in

Fine, I do this in the application.cfm with something like:



> <cfif not isdefined("session.loggedin") > <!--- if user not logged in --->
> 
> <!--- as this runs on every page , --->
> <!--- you'll need to check if this IS the login page---->
> <!--- so you don't get stuck in a loop--->

However the next bit is what I have a problem with. Surely this creates a
loop if the application.cfm also runs on login.cfm.

> <cfif CGI.Script_name is "login.cfm">
> <cflocation url="login.cfm">   ---- goto login page!
> </cfif>
> 
> </cfif>
> This will check to see if the user is logged in when any page in the
> application directory is called...


Wjat I want to know, short of putting these files in another directory with
an application.cfm that doesn't do the already-logged-in-check how can I
write a get out clause so I can send the user to a page with a log-in form
and send the form results to a database so the user can log-in. It's a real
chicken and egg situation. How can I get to a login page if the
application.cfm won't let me. I've solved it by putting the login .cfms in
another directory but is this the best and only solution. From looking at
the fusebox idea I'm certain it's not.

I'd love to hear of better solutions.

Simon


------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to