Link to home
Start Free TrialLog in
Avatar of hefterr
hefterrFlag for United States of America

asked on

ColdFusion Document Download - Part 2

Hi,
This is in reference to question : https://www.experts-exchange.com/questions/26461687/Secure-Document-Download-ColdFusion.html

I understand now how to do a secure document download in ColdFusion using CFHeader and CFContent (thanks).

Q:  I'm not sure of the flow:
I have a page of icons/buttons/links that represent different documents that can be downloaded by the user.  When the user clicks one of these icons, what is the flow to download the document and redisplay the page?  Do I have to leave/reload the page - or is that more of a JScript or JQuery question?

Do I just go to another page (via a link), do the download and then CFlocation back to redisplay the original page of doc links?

Thanks in advance,
hefterr
ASKER CERTIFIED SOLUTION
Avatar of _agx_
_agx_
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of hefterr

ASKER

Hi aqx,
Thanks for the tip.  I'll try it it out but may not get to it until Monday.  So I haven't forgotten about it!!
No worries ;-) Enjoy the weekend.
Avatar of hefterr

ASKER

Hi aqx,
I gave it a quick try.  It WORKS!!!  I think I owe you 250 beers now :)

thanks (again),
hefterr
Avatar of hefterr

ASKER

Oh - no!  After all this time I just noticed it's :"agx" (not aqx) .  Actualy it seems like it  "_agx_" ?

1,000  appologies.

hefterr
lol. Virtual beers are _very_ potent, so I probably shouldn't drink them all at once.

>> 1,000  appologies.

No worries.  I knew what you meant ;-) We'll blame it on the EE font/css.  

( Yeah, I'm definitely blaming it on the EE's CSS. Looking at it now, *I* can't even tell it's _agx_ .. and it's my own nickname ! ;-)

Avatar of hefterr

ASKER

Hi _agx_ (got it right this time),
One last question on the download issue.

I assume the original link woud go to a program that should again verify the credentials of the user before starting the download.  Otherwise you are just basically trading one unsecure link link for another.  In other words, anyone could still use the original link in the HTML to access the file.  It would just invoke a second program that serves it up.  So both programs have to verify the credentials of the user.  The first to provide the link and the 2nd to actually push the file.

thanks again,
hefterr
Sorry for the delay...

That all depends on how you're validating the credentials...  I'd assume you're requiring users to login in first via some *.CFM page. If the login is successful, you set a few session variables.  So if you wanted to verify the user was logged in, you'd need to link to a *.cfm script (not *.html page).   The .cfm script would then verify credentials, and redirect the user if they were NOT logged in.