I have an extranet application that I have set up. I have created an application.cfm for each directory as follows:<br><br><cfapplication <br>name="session.authenticated" <br>sessionmanagement="Yes" <br>setclientcookies="Yes" <br>sessiontimeout="#CreateTimeSpan(0,0,30,0)#" applicationtimeout="#CreateTimeSpan(1,0,0,0)#"><br><br><CFSET session.authenticated="#cfid#&cftoken=#cftoken#"><br><br><CFPARAM name="session.authenticated" DEFAULT="FALSE"><br><br> <!-- If the user is not yet logged in, and not currently on the login pages,<br> or the forgotten password page, --><br> <CFIF #Session.authenticated# IS "FALSE"><br> <CFIF (CGI.SCRIPT_NAME IS NOT "default.cfm"
<br> AND (CGI.SCRIPT_NAME IS NOT "error.cfm"><br> <SCRIPT LANGUAGE="JavaScript"><br> alert("The system has detected an invalid login.<br> You will be prompted for your login/password again."<br> self.location='default.cfm';<br> </SCRIPT> <br> </CFIF><br> <CFELSE><br> </CFIF><br><br><br>I have included the following code at the top of each document used in this site:<br><br><cfif not isdefined("session.authenticated"><br> <cfoutput><br> You are not authenticated, or your session has timed out<br> </cfoutput><br> <cfabort><br></cfif><br><br>My problem is that you can bookmark the pages, and if you type a direct URL request with page name you can access the pages. What have I done wrong with the code, I need to prevent people from being able to access the pages if they have not logged in on the default.cfm page which passes username and password to the intranet.cfm which then loads the appropriate page based on log in.<br><br>I thought that by using the application.cfm it would prevent direct URL calls. Any help would be appreciated.
<br> AND (CGI.SCRIPT_NAME IS NOT "error.cfm"><br> <SCRIPT LANGUAGE="JavaScript"><br> alert("The system has detected an invalid login.<br> You will be prompted for your login/password again."<br> self.location='default.cfm';<br> </SCRIPT> <br> </CFIF><br> <CFELSE><br> </CFIF><br><br><br>I have included the following code at the top of each document used in this site:<br><br><cfif not isdefined("session.authenticated"><br> <cfoutput><br> You are not authenticated, or your session has timed out<br> </cfoutput><br> <cfabort><br></cfif><br><br>My problem is that you can bookmark the pages, and if you type a direct URL request with page name you can access the pages. What have I done wrong with the code, I need to prevent people from being able to access the pages if they have not logged in on the default.cfm page which passes username and password to the intranet.cfm which then loads the appropriate page based on log in.<br><br>I thought that by using the application.cfm it would prevent direct URL calls. Any help would be appreciated. 