deltatuk

Application.cfm Security

I am trying to create an application file in a separate folder that checks for a session variable and then, if it exists, lets you view the page. I am able to set the session variable by checking some info against a database and then setting the variable if the info is correct. However, when I check for the variable I want it to redirect you to the "logon" page if the session variable does not exist. When I perform the cfif statement though, it redirects you to the logon page no matter whether the variable exists or not. Does anyone have any ideas why it ignores the cfif statement? The code is below.

<cfif Isdefined('session.loginid')>
<cfelse>
<cflocation url="../member check.cfm">
</cfif>

 
HamdyHassan

Try double quotes

<cfif NOT Isdefined("SESSION.LOGINID")>
  <cflocation url="../member check.cfm">
</cfif>

If you are using CFMX, you need to CFLOCK
<CFLOCK timeout="30" scope="session" type="readonly" >
<cfif NOT Isdefined("SESSION.LOGINID")>
  <cflocation url="../member check.cfm">
</cfif>
</CFLOCK>            

Where is the redirection for logon.cfm?

Are you sure it bypasses this? Maybe it goes through a different route.

Please use the cfoutput tags to find out where exactly it's getting stuck, and then decide on correcting the error there!

K'Rgds
Anand

Are you sure it's ignoring the statement? Try doing the following:

<cfoutput>#IsDefined("Session.loginID")#</cfoutput>

<cfif IsDefined("Session.loginID")>
  <cfoutput>#Session.loginID#</cfoutput>
</cfif>

*********************************************************

<cfif Not Isdefined('session.loginid')>
  <cflocation url="../member check.cfm">
</cfif>

I think we all had the same ideas at about the same time  =)

Renante Entera

I think there's a problem with your application.cfm because, as you said, you created it in a separate folder.

Since your session variable existence check is in the application.cfm, you should see to it that this file [application.cfm] is within your root directory.

That's why it ignores the code below:

<cfif Isdefined('session.loginid')>
<cfelse>
<cflocation url="../member check.cfm">
</cfif>

The session.loginid variable is always undefined because your application.cfm file will not be loaded.
I have an example for you below. It does not involve a database, but our concern is session variable existence checking.

In your first file type this code:

<CFAPPLICATION NAME="FORUM" SESSIONTIMEOUT="#CreateTimeSpan(0,0,60,0)#" SESSIONMANAGEMENT="Yes" CLIENTMANAGEMENT="Yes" >
Then save as application.cfm.
Regarding the CreateTimeSpan function, it sets when to destroy your session.

For your login form file, have this code:

<form name="form1" method="post" action="validate.cfm">
 <p>username :
   <input type="text" name="username">
 </p>
 <p>password :
   <input type="password" name="password">
 </p>
 <p>
   <input type="submit" name="Submit" value="  OK  ">
 </p>
</form>
Then save as login.cfm.

For your action file validate.cfm

<cfif '#form.username#' eq 'administrator' and '#form.password#' eq 'administrator'>
 <cfset session.valid_account='#form.username#'>
 <cflocation url="index.cfm">
<cfelse>
 <cflocation url="login.cfm">
</cfif>

For your main page index.cfm, you should have this code.
This one will check if the session variable already exists.
<cfif not isDefined('session.valid_account')>
 <cflocation url="login.cfm">
<cfelse>
 <!--- Go to main page --->
</cfif>

GOOD LUCK!
ASKER CERTIFIED SOLUTION
substand

deltatuk

ASKER

I am still being redirected to the logon page no matter how I defined the session variable and even if I can pull the value from it on. However, I do also get a message that logonid is not defined in session sometimes, after I have logged on and set the variable. Not sure what is causing this. It is really frustrating me. Thanks for all the help, and any other recommendations are welcomed.

"Default Web Folder"
(Application.cfm)-Sets up the session management
(Logon.cfm-defines session.logonid)
     *
     *
     *
"Private Folder -located under web root"
(Application.cfm)-Checks if session.logonid is defined,
(Protected Files-located in private folder)
If session.logonid is not defined it redirects you to logon.cfm

From your Application.cfm within the Private Folder, you should include your Application.cfm from the root folder like so:

<cfinclude template="../Application.cfm">

Do this at the top of the Application.cfm within the Private Folders. Make sure not to duplicate anything between these 2 Application.cfm files, as they will work as one now.
If you have <cfapplication> tags in both files, make sure the "name" attribute is the same in both.
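
The two-file layout the last answers describe, as an added example that is not code from the thread: ColdFusion processes only the nearest Application.cfm it finds walking up from the requested page, so the one in the private folder has to pull in the root file before it tests the session. Assumptions: the private folder sits directly under the web root with its pages at the top level, the logon page is logon.cfm in the root, the application name is a placeholder, and the key is session.logonid (the thread uses both loginid and logonid; the check must use whichever name the logon page actually sets).

```cfml
<!--- ===== /Application.cfm (web root) =====
      Added example. "MyApp" and the 60-minute timeout are placeholders.
      This is the only file that declares <cfapplication>. --->
<cfapplication name="MyApp"
               sessionmanagement="Yes"
               sessiontimeout="#CreateTimeSpan(0,0,60,0)#">


<!--- ===== /Private/Application.cfm =====
      Runs INSTEAD of the root file for every page in /Private, so it must
      include the root file first. Without this the request has no matching
      application name or session management, and the check below never
      sees the variable that logon.cfm set. --->
<cfinclude template="../Application.cfm">

<!--- Read the flag under a read-only session lock, as suggested earlier
      in the thread. StructKeyExists tests exactly one key in the scope. --->
<cflock scope="session" type="readonly" timeout="10">
  <cfset isLoggedIn = StructKeyExists(session, "logonid")>
</cflock>

<cfif NOT isLoggedIn>
  <!--- The browser resolves this relative URL against the requested page,
        so "../logon.cfm" assumes the page sits directly in /Private.
        addtoken="no" keeps CFID/CFTOKEN out of the redirect URL. --->
  <cflocation url="../logon.cfm" addtoken="no">
</cfif>
```

Because the check lives in the private folder's Application.cfm, it runs before every .cfm page in that folder; files the web server delivers without ColdFusion (images, PDFs, plain HTML) are not covered by it.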