6 Replies Latest reply on Dec 1, 2009 12:45 PM by BKBK

    CFAbort Clears CFLogin credentials

    ncsuois

      I am trying to implement a page security system using CFLogin to track user roles.  When a page is being served that is not authorized for the given role, I show a not authorized page and do a CFAbort to stop the rest of the page from rendering.  However, after the CFAbort, the user's CFLogin credentials are lost, forcing them to log back in.  Is there a method that doesn't require a relogin action?

        • 1. Re: CFAbort Clears CFLogin credentials
          ctreeves Level 1

          Hi,

          Depending on the site setup, CFABORT might not be the best choice.

          For instance, if you have the header and footer called on each page, then the CFABORT might prevent the footer from rendering the whole page.

          Since you are checking for permissions on the page anyhow, how about a simple redirect to a different page if they don't have permission?

          1 person found this helpful
          • 2. Re: CFAbort Clears CFLogin credentials
            BKBK Adobe Community Professional & MVP
            When a page is being served that is not authorized for the given role, I show a not authorized page and do a CFAbort to stop the rest of the page from rendering.

            How do you check, and how do you show the not authorized page?

            1 person found this helpful
            • 3. Re: CFAbort Clears CFLogin credentials
              ncsuois Level 1

              A simple redirect would work, but how would I go about doing that so the currently requested page doesn't get served?

              My security logic is in my Application.cfc and I determine if the user is allowed to access the page.  If not, I could do a redirect to a not authorized page but I need to stop the execution of the rest of the page from loading.

              I have also implemented a custom security model.  (It didn't seem like ColdFusion had a role based directory security model similar to the role provider in ASP.Net)  I serve pages based on user roles and directory configurations.

              PS.  Sorry for any knowledge gaps as I am fairly new to ColdFusion.

              • 4. Re: CFAbort Clears CFLogin credentials
                ncsuois Level 1

                If it wasn't clear in my last post, I read a security configuration file and get the directory being served along with roles allowed.  If the user is in the roles allowed, they can access; otherwise, I do a cfinclude of a not authorized page and a cfabort.

                • 5. Re: CFAbort Clears CFLogin credentials
                  ncsuois Level 1

                  Thanks guys for the help.  It made me look over the logic and see the order in which I placed the abort was incorrect.  Thanks again.

                  • 6. Re: CFAbort Clears CFLogin credentials
                    BKBK Adobe Community Professional & MVP

                    No eyes see it clearer than yours. Good luck.
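
The directory-to-roles check described in reply 4, as an added example that is not code from any poster in this thread: an Application.cfc whose onRequestStart looks up the roles allowed for the requested directory and issues the cfinclude and cfabort only in the deny branch. The directory map, role names, application name and /notauthorized.cfm are assumptions, and the application's own cflogin block is assumed to have run before the role check.

```cfml
<!--- Application.cfc (added example; directory map, role names and notauthorized.cfm are assumptions) --->
<cfcomponent output="false">
  <cfset this.name = "RoleCheckDemo">
  <cfset this.sessionManagement = true>
  <cfset this.loginStorage = "session">

  <cffunction name="rolesForPage" access="private" returntype="string" output="false"
              hint="Roles allowed for the longest matching protected directory, or empty if unprotected">
    <cfargument name="targetPage" type="string" required="true">
    <!--- Constructed stand-in for the security configuration file --->
    <cfset var dirRoles = structNew()>
    <cfset var prefix = "">
    <cfset var best = "">
    <cfset dirRoles["/admin/"] = "admin">
    <cfset dirRoles["/reports/"] = "admin,analyst">
    <!--- Longest prefix wins, so a nested directory can carry stricter roles than its parent --->
    <cfloop collection="#dirRoles#" item="prefix">
      <cfif left(arguments.targetPage, len(prefix)) eq prefix and len(prefix) gt len(best)>
        <cfset best = prefix>
      </cfif>
    </cfloop>
    <cfif len(best)>
      <cfreturn dirRoles[best]>
    </cfif>
    <cfreturn "">
  </cffunction>

  <cffunction name="onRequestStart" returntype="boolean" output="true">
    <cfargument name="targetPage" type="string" required="true">
    <cfset var allowed = rolesForPage(arguments.targetPage)>
    <!--- The application's <cflogin> block is assumed to sit here, ahead of the role check --->
    <cfif len(allowed) and not isUserInAnyRole(allowed)>
      <!--- Deny: send 403, render the notice, and stop only this request.
            A user who is not logged in has no roles, so protected directories deny by default. --->
      <cfheader statuscode="403" statustext="Forbidden">
      <cfinclude template="/notauthorized.cfm">
      <cfabort>
    </cfif>
    <cfreturn true>
  </cffunction>
</cfcomponent>
```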