I have a user authentication system in my application that allows you to log in and view certain areas of the site based on a session variable. I'm wondering how people handle the following scenario.
User logs in and has a browse of the site and finishes on a secure page. Then does nothing and their session times out. Then they click refresh on the page they're on (or click on a link to anther secure page), which uses their session id. As the session has timed out, you need to redirect them to log in again. You can obviously catch the error in that page but this isn't very scalable. You could have a list of pages in application.cfm that can only be viewed if the session id exists and check that the current page is in that list of pages. Again, not ideal. What does everyone else do in this situation? Is this something CFLOLGIN can handle or is that only suited to securing entire directories/applications. Can it work on a per page or section of page basis. Thanks! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:204404 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
