Dave, I wouldn't use multiple application.cfc's, you usually need only 1 for an entire application. Here are some idea's on how to implement this:
At the top of each page, include your login code. Make a separate file that contains your <cflogin> tag and your form, then include this only on pages that require authentication. If the user is already logged in, anything between the <cflogin> and </cflogin> wont even be executed, but if they are not logged in they should get your login form. Be sure to <cfabort> at the end of your included login form, before your </cflogin>, so the user does not accidentally get both the login form and your secure content! You could also setup either a table or an array that tells your application if a page requires a login or not, in your application.cfc take a look at the onRequest() tag. Do something like this: <cffunction name="onRequest" returntype="void"> <cfargument name="thePage" type="string" required="true"> <!---// Check if the user is requesting a secure page, force a login if they are //---> <cfswitch expression="#arguments.thePage#"> <cfcase value="mySecurePage1.cfm"> <cfinclude template="myLoginPage.cfm"> </cfcase> <cfcase value="mySecurePage2.cfm"> <cfinclude template="myLoginPage.cfm"> </cfcase> <cfdefaultcase> <cfinclude template="#arguments.thePage#"> </cfdefaultcase> </cfswitch> </cffunction> There are many many ways to do this, just pick one that works for you (obviously the 2nd one wont work well if you have 200 pages you need to secure). Chris Peterson Gainey IT Adobe Certified Advanced Coldfusion Developer -----Original Message----- From: Dave Francis [mailto:[EMAIL PROTECTED] Sent: Thursday, July 05, 2007 11:12 AM To: CF-Talk Subject: cflogin Hi, I can't quite get my head around this problem - I want to allow users open access to pages in a "common" sub-folder, but restricted access (based on roles) to other sub-folders. Users shouldn't be asked to Login until they want access to the "restricted" pages. I tried doing it via Application.cfc, but now I'm looking at an application.cfm in each folder that cfincludes a "forceUserLogin.cfm" page, and additionally incorporates a isUserInRoles(). Will this work, or do I need some code in each page? And will Application.cfc still be processed to set my application variables? BTW, I'm running the latest "free" version of Bluedragon Grateful thanks in advance, Dave ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Deploy Web Applications Quickly across the enterprise with ColdFusion MX7 & Flex 2 Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:282962 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4