Application security structure -- ADDENDUM

Thu, 27 Mar 2003 10:56:47 -0800 

I dont know if this matters, but

the default page for this site is int.cfm which is a frame page that calls
the page content.cfm. this page checks to see whether the user has
successfully logged in, and then directs them to the correct page.



-----Original Message-----
From: John Stanley 
Sent: Thursday, March 27, 2003 1:40 PM
To: CF-Talk
Subject: Application security structure


Running CFMX

Okay, this is a very basic question for alot of you, but one that gives me
pause everytime it comes up.

I am developing a large application-level web site that will house several
smaller applications inside of it. I am using application and user-groups
defined roles for each user to limit their access to whatever I want them to
see. This all works great.

Here is my problem:
1. The appliation.cfm loads with every page request.
2. If there is no Session.Auth structure, it makes one.
3. The session scope for the application tag in my application.cfm is set to
timeout after 20 minutes.
4. If the browser has had no activity for the prescribed length of time, the
user on the next page request should be prompted to log in again.
5. I cannot figuire out how to redirect the user by using code on the
application.cfm to do this. Sort of like the following:

<cfif not isdefined("session.Auth")>
        <cfset session.Auth = structNew()>
        <cfset session.Auth.UserID = "0">
        <cfset session.Auth.LoginAttempts = "0">
        <cfset session.Auth.AppList = "">
<cfelse>
        <cfif session.Auth.UserID eq "0">
                <script>
                    document.location="int.cfm"
                </script>
        </cfif>
</cfif>

This should be very easy, but I just cant get my head around it. I keep
getting the million-page-loading problem.

Any thoughts.

:-)

John




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com

                                Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Reply via email to