I am planning on adding role-based, page-level security to my application by adding this chunk of code to every page:

<body>
<cfif ListFindNoCase("AllowedRole1,AllowedRole2,AllowedRole3", #session.user_role#, ",") EQ 0>
    You are not authorized to view this page.
    <cfabort>
</cfif>
... [page content] ...
</body>

Session.user_role is set when the user logs in to the app. Is this a fairly standard way to do it? Certain pages should not be viewable by certain roles, can anyone think of an instance where a user could get past this?

TIA.

v/r,
Jeff
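
The same ListFindNoCase check kept in one place and denying by default, as an added example that is not part of the original post: a hypothetical Application.cfc whose onRequestStart looks the requested page up in a page-to-role map, so a page without an entry or a session without user_role is refused. The application name, page paths and map contents are constructed assumptions.

```cfml
<!--- Application.cfc (hypothetical): one role check for every request
      instead of a copy of the snippet on each page --->
<cfcomponent output="false">
    <cfset this.name = "RoleCheckExample">
    <cfset this.sessionManagement = true>

    <!--- Constructed sample map: page path -> roles allowed to view it.
          "*" marks a page that needs no role (the login page). --->
    <cfset variables.pageRoles = structNew()>
    <cfset variables.pageRoles["/login.cfm"] = "*">
    <cfset variables.pageRoles["/reports.cfm"] = "AllowedRole1,AllowedRole2">
    <cfset variables.pageRoles["/admin.cfm"] = "AllowedRole3">

    <cffunction name="isAllowed" returntype="boolean" access="private" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var allowed = "">
        <!--- Page missing from the map (new or forgotten page): deny --->
        <cfif NOT structKeyExists(variables.pageRoles, arguments.targetPage)>
            <cfreturn false>
        </cfif>
        <cfset allowed = variables.pageRoles[arguments.targetPage]>
        <cfif allowed EQ "*">
            <cfreturn true>
        </cfif>
        <!--- No role in the session (not logged in, session expired): deny
              rather than let the undefined variable raise an error --->
        <cfif NOT structKeyExists(session, "user_role")>
            <cfreturn false>
        </cfif>
        <cfreturn listFindNoCase(allowed, session.user_role, ",") GT 0>
    </cffunction>

    <!--- Runs before every requested page; returning false stops the request --->
    <cffunction name="onRequestStart" returntype="boolean" output="true">
        <cfargument name="targetPage" type="string" required="true">
        <cfif NOT isAllowed(arguments.targetPage)>
            <cfheader statuscode="403" statustext="Forbidden">
            <cfoutput>You are not authorized to view this page.</cfoutput>
            <cfreturn false>
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```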