July 25th, 2011, 04:14 PM
Nested application session management
I recently added CFFM (http://www.opensourcecf.com/cffm/) to my web application. My web application is setup to require a login before any resources are allowed to be displayed. However, since my CFFM defines itself as an application, the session variables my from application are not passed to the CFFM application. Therefore, if a user were to know the URL directly to the CFFM application, they would be able to bypass logging in.
What is the best way to go about restricting access to CFFM only to users who have logged into my application?
July 25th, 2011, 05:17 PM
You can give them both the same application name, the session scope (and the application scope) should be shared.
July 25th, 2011, 05:59 PM
Ok, I feel retarded. That was too easy. Thanks for the heads up kiteless.