#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2004
    Posts
    84
    Rep Power
    11

    Nested application session management


    I recently added CFFM (http://www.opensourcecf.com/cffm/) to my web application. My web application is setup to require a login before any resources are allowed to be displayed. However, since my CFFM defines itself as an application, the session variables my from application are not passed to the CFFM application. Therefore, if a user were to know the URL directly to the CFFM application, they would be able to bypass logging in.

    What is the best way to go about restricting access to CFFM only to users who have logged into my application?
  2. #2
  3. No Profile Picture
    Moderator

    Join Date
    Jun 2002
    Location
    Raleigh, NC
    Posts
    5,281
    Rep Power
    968
    You can give them both the same application name, the session scope (and the application scope) should be shared.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2004
    Posts
    84
    Rep Power
    11
    Ok, I feel retarded. That was too easy. Thanks for the heads up kiteless.

IMN logo majestic logo threadwatch logo seochat tools logo