Normally you would check for the existence of login information, like <cfif structKeyExists(session,"isLoggedIn")>
If it exists, continue, if not invoke methods to display the login part. That last one can be tricky, depending on the application. If you have an application, single paged, then you can easily do a cflocation to the login part. If you have, for example an web application with iframes, you must execute custom scripting to target correct frames, or display overlays with login forms. It depends on your situation. If you want to return the user, try looking at referrer variables. When relocating the user to the login page, provide the referrer page in the url. When the login is successful you can relocate the user back to that referrer page provided in the url. There are many ways each with their advantages, but this is just one of them. Micha Schopman Project Manager Modern Media, Databankweg 12 M, 3821 AL Amersfoort Tel 033-4535377, Fax 033-4535388 KvK Amersfoort 39081679, Rabo 39.48.05.380 ------------------------------------------------------------------------ ------------------------------------------------------------------------ ----- Modern Media, Making You Interact Smarter. Onze oplossingen verbeteren de interactie met uw doelgroep. Wilt u meer omzet, lagere kosten of een beter service niveau? Voor meer informatie zie www.modernmedia.nl ------------------------------------------------------------------------ ------------------------------------------------------------------------ ----- -----Original Message----- From: Paul Wilson [mailto:[EMAIL PROTECTED] Sent: dinsdag 26 april 2005 8:24 To: CF-Talk Subject: Session Timeout and User Authentication I have a user authentication system in my application that allows you to log in and view certain areas of the site based on a session variable. I'm wondering how people handle the following scenario. User logs in and has a browse of the site and finishes on a secure page. Then does nothing and their session times out. Then they click refresh on the page they're on (or click on a link to anther secure page), which uses their session id. As the session has timed out, you need to redirect them to log in again. You can obviously catch the error in that page but this isn't very scalable. You could have a list of pages in application.cfm that can only be viewed if the session id exists and check that the current page is in that list of pages. Again, not ideal. What does everyone else do in this situation? Is this something CFLOLGIN can handle or is that only suited to securing entire directories/applications. Can it work on a per page or section of page basis. Thanks! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:204406 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54