How does that work when you are serving a direct like to a PDF or a DOC? CF has nothing to do with that.
From the original email: My concern is how to prevent an non authorized user from accessing or hotlinking to non ColdFusion page. (i.e, images, pdfs, swfs, .txt etc). ________________________________ From: Troy Jones <t...@dynapp.com> To: discussion@acfug.org Sent: Thursday, December 18, 2008 12:19:28 PM Subject: RE: [ACFUG Discuss] Blocking a ColdFusion website's directory Emile, You can create a session variable that exists only when a user is logged in and test for that when a call comes in to your page. For example, in some include file or function, you could use a statement similar to this: <cfif not session.loggedIn> <cflocation template=”login.cfm”> </cfif> If the existence of variable “loggedIn” is not present, the user will be redirected to the location you determine. As far as removing anonymous access to your content, there are a number of ways to do that. I will defer to some of the more experienced minds on the list for that one. Hope this helps, Troy Jones Dynapp Support Team 678-528-2952 From:ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Emile Melbourne Sent: Thursday, December 18, 2008 12:01 PM To: discussion@acfug.org Subject: [ACFUG Discuss] Blocking a ColdFusion website's directory Hey Everyone, I am currently in the process of building my first secured site. Most pages of the site will be behind a login page. I'm using ColdFusion's Application.cfc onRequestStart function to check if a user is logged in or not. Thats pretty much boiler plate. My concern is how to prevent an non authorized user from accessing or hotlinking to non ColdFusion page. (i.e, images, pdfs, swfs, .txt etc). Whats the best way to ensure a user can't link directly to these items but instead be redirected to login.cfm instead? Is there a way to lock down an entire directory? Thank you for all your help Emile ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
