> You could always put in the necessary closing tags before the CFABORT...
The main drawback to doing this approach is that it leads to cluttered code, especially if there is complex HTML code contained in your page footer. Also, consider a situation where there needs to be more than one security check: <CFIF NOT condition1> Sorry, you're not authorized for this. <!-- closing HTML tags here --> <CFABORT> <CFELSEIF NOT condition 2> Sorry, you're only authorized for this on Mondays. <!-- closing HTML tags here --> <CFABORT> <CFELSEIF NOT condition 3> Sorry, you're only authorized for this on Tuesdays. <!-- closing HTML tags here --> <CFABORT> </CFIF> This can become quite messy and is hard to maintain with closing tags scattered all around the page. Your best bet is to create a standard "not authorized" page and just do a CFLOCATION to it when needed. I usually add a CFABORT just after the CFLOCATION in case, for some reason, the browser ignores the client side redirect. It looks like this: <CFIF NOT condition1> <CFLOCATION URL="not_authorized.cfm"> <CFABORT> <CFELSEIF NOT condition 2> <CFLOCATION URL="not_authorized.cfm"> <CFABORT> <CFELSEIF NOT condition 3> <CFLOCATION URL="not_authorized.cfm"> <CFABORT> </CFIF> Regards, Seth Petry-Johnson Argo Enterprise and Associates ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists