Yes it does matter, since this is a frame you do not want the login page loading inside the frame.
You have: <script> document.location="int.cfm" </script> which will indeed load it into the frame. You want to do top.document.location instead. Example <script> top.document.location.href='int.cfm'; </script> ============================================ Bryan F. Hogan Director of Internet Development Team Macromedia Volunteer Macromedia Certified ColdFusion MX Developer Digital Bay Media, Inc. 1-877-72DIGITAL ============================================ -----Original Message----- From: John Stanley [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 1:51 PM To: CF-Talk Subject: Application security structure -- ADDENDUM I dont know if this matters, but the default page for this site is int.cfm which is a frame page that calls the page content.cfm. this page checks to see whether the user has successfully logged in, and then directs them to the correct page. -----Original Message----- From: John Stanley Sent: Thursday, March 27, 2003 1:40 PM To: CF-Talk Subject: Application security structure Running CFMX Okay, this is a very basic question for alot of you, but one that gives me pause everytime it comes up. I am developing a large application-level web site that will house several smaller applications inside of it. I am using application and user-groups defined roles for each user to limit their access to whatever I want them to see. This all works great. Here is my problem: 1. The appliation.cfm loads with every page request. 2. If there is no Session.Auth structure, it makes one. 3. The session scope for the application tag in my application.cfm is set to timeout after 20 minutes. 4. If the browser has had no activity for the prescribed length of time, the user on the next page request should be prompted to log in again. 5. I cannot figuire out how to redirect the user by using code on the application.cfm to do this. Sort of like the following: <cfif not isdefined("session.Auth")> <cfset session.Auth = structNew()> <cfset session.Auth.UserID = "0"> <cfset session.Auth.LoginAttempts = "0"> <cfset session.Auth.AppList = ""> <cfelse> <cfif session.Auth.UserID eq "0"> <script> document.location="int.cfm" </script> </cfif> </cfif> This should be very easy, but I just cant get my head around it. I keep getting the million-page-loading problem. Any thoughts. :-) John ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4