Force logon

How do I force users to log on before going further to other web pages?
Currently, I found that if users know the name of other web documents, e.g.

http://www.test.com/main.html

then users can directly type the above URL and bypass the logon page, e.g.
http://www.test.com/login.cfm
adrianmak Asked:

OeilNoir Commented:
You did a login page? Once the user logs on at your login page, what happens? You check if the user and password match what you have in the database, then you set a session variable?

Anyway, that's what you should do: set session variables (which will be available throughout your website).

Example:

<!--- once the user log on --->
<CFSET Session.memberid="#memberid#">
<CFSET Session.accesslevel="#accesslevel#">            
<CFSET Session.nick="#nick#">      


Once your session variables are set, put some code at the beginning of each page that requires a login to access it. That code needs to check if the user was logged in by verifying that the session variable exists. If it doesn't exist, you can simply give a message that the user needs to be logged in, or if you want to take it a level deeper, you can use an access level as I did in the following example. Accesslevel is a field taken from the database that I also set as a session variable and check on every page; depending on the page, the user will need a certain access level to be able to see the page. If it's lower than the required access level, I don't let him go further. I hope this helps; if you need more info, ask and I'll help out.

<!--- LOGIN VERIFICATION --->
<CFIF NOT IsDefined("session.memberid")>
     <CFINCLUDE TEMPLATE="common/loginrequired.cfm">
     <CFABORT>
<CFELSE>
     <CFIF session.accesslevel less than 6>
          <CFINCLUDE TEMPLATE="common/accessdenied.cfm">
          <CFABORT>            
     </CFIF>            
</CFIF>      
<!--- END OF LOGIN VERIFICATION --->

adrianmak (Author) Commented:
Can Cold Fusion security be integrated with NT server user accounts?
That means I can use NT user accounts for the security check instead of building another database to serve this purpose.
OeilNoir Commented:
Mmmm... I don't see how you could link the NT user account with
ColdFusion. My answer will be "I don't know", but I doubt it's possible... you may want to look around to find out if it is possible.
Maybe on Allaire's board you can get that information.

punker Commented:
>>Can Cold Fusion security be integrated with NT server user accounts?<<

The last place I worked we used a tag called NTUSERLOGON to do just that. Try a search for it on Allaire's site. I think that's where we got it.
punker Commented:
Oh and, you don't have to put the login verification at the top of every page. Just put it in the application.cfm page of the login directory. Application.cfm is automatically included in every page that is called from its directory.
OeilNoir Commented:
Hehe, Punker is right, unless you use access levels that can be different for every page =)
punker Commented:
In which case, surround your CFML in an if statement, like so:

<cfif Session.SecLevel GTE "2">
This is the page.
<cfelse>
<script language="javascript">
alert("You aren't allowed to view this page!");
history.go(-1);
</script>
</cfif>

For cleaner code, you can keep all this in the application.cfm file. For example, the Login directory would allow people of security level 1 and above to view all pages, in Login/Reports/ the application.cfm would allow security levels 2 and higher, Login/Admin/ security levels 3 and higher, etc.

I've done it both ways, depending on the scope of the project. It's all in how you want to do it.
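
One way to combine the Application.cfm placement and the session access-level check discussed in this thread, as an added example that is not code from any of the posters. The application name, the RequiredLevel variable, the PublicPages list and the 20-minute timeout are assumptions; the session variable names and include paths are the ones used in the posts above.

```cfml
<!--- Application.cfm (added example). ColdFusion runs the nearest Application.cfm,
      searching upward from the requested template, before every .cfm request. --->

<!--- Session variables only exist when session management is enabled.
      A sub-directory Application.cfm replaces this file for that directory,
      so it must repeat this tag with the same NAME to share the login session. --->
<CFAPPLICATION NAME="testsite"
               SESSIONMANAGEMENT="Yes"
               SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 20, 0)#">

<!--- Assumption: minimum access level for this directory tree.
      Use a higher value in the Application.cfm of Reports/ or Admin/. --->
<CFSET RequiredLevel = 1>

<!--- Templates that must stay reachable without a session;
      without this the login page would block itself. --->
<CFSET PublicPages = "login.cfm">
<CFSET ThisPage = LCase(ListLast(CGI.SCRIPT_NAME, "/"))>

<CFIF ListFind(PublicPages, ThisPage) IS 0>
    <CFIF NOT IsDefined("Session.memberid") OR NOT IsDefined("Session.accesslevel")>
        <!--- No login session: show the login notice and stop processing --->
        <CFINCLUDE TEMPLATE="common/loginrequired.cfm">
        <CFABORT>
    <CFELSEIF Val(Session.accesslevel) LT RequiredLevel>
        <!--- Logged in, but below the level this directory requires.
              Val() turns a non-numeric value into 0, so it fails closed. --->
        <CFINCLUDE TEMPLATE="common/accessdenied.cfm">
        <CFABORT>
    </CFIF>
</CFIF>
```

This check only runs for templates that ColdFusion processes. A static file such as the main.html in the question is served directly by the web server and never reaches Application.cfm, so protected pages need to be .cfm templates or be restricted at the web server.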