Need help with nested application.cfm files !!

[andyrauter]

hi every1,

i built an application which has totally 3 application.cfm pages. the first one is in the parent folder, and the other 2 are in child sub-folders. for eg:

http://www.mysite.com/parent/

folder has an application.cfm file.

http://www.mysite.com/parent/child1/,

and

http://www.mysite.com/parent/child2/

have application.cfm files too.

when the user logs into the main application, i set the session.allowin = 'true' for the parent application. then when the user tries to access either child1 or child2 directories - i check the user's permissions and set the session.allowin = 'true' for the child applications. in other words, when user tries to access the

http://www.mysite.com/parent/child1/,

the application.cfm file in that directory queries the database. if user has permission, i set the session.allowin = 'true'. i do the same thing for

http://www.mysite.com/parent/child2/

now lets come to problem i'm having !! i'm having difficulties in logging the user OUT !

- when i'm in the parent directory, and i click the logout button, i redirect the user to index.cfm?login=logout. and in the index.cfm i set the session.allowin = 'false'. but this logs the user out of only the parent session !!
- so, i created similar files in child1 and child2 folders that set the session.allowin = 'false'. but now the user was not logging out of the parent application.
- so, i log the user out of the child application, and then redirect him to index.cfm?login=logout of the parent directory ! but now, i'm having problems with users that have access to both the child folders !
- moreover, if i keep redirecting users, i can't make this application scalable when i have more sub-directories !

is there an easier way for me to log the users out ? can i access other application variables by typing something like: parent.session.allowin = 'false', child1.session.allowin = 'false' ?

is there any tutorial where i can find more info about such problems in authentication and authorization ?

hoping to hear from someone,
thanx,
andyrau

 

[csteinhilber]

Hmmmm... sounds like the Application.cfm in each of the directories sets up a different application (different name)?

Why not just use ONE Application.cfm? If you put it in the parent directory, the children should inherit it.

Either that, or make sure your CFAPPLICATION tags are all identical.



-Carl

 

[andyrauter]

i was able to solve the problem thanx anyways !!

andyrau

 

[Wullie]

Andy,

If you ask a question and solve it yourself, please post how you did it so that it can help future users with this problem.

Thanks,

Wullie

http://www.cheapcomputer.org.uk

http://www.freshlookdesign.co.uk

http://www.freshlookdesign.com

http://www.whiland.co.uk

The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell

 

[andyrauter]

its kinda hard for me to explain it !!

anyways, lemme try to - i was using cookies to log the user into the parent area. using the details from this cookie, i was logging the user into child1 and child2 areas.

the child1 and child2 folders had application.cfm files that contained:

<cfif &quot;user has permissions&quot;>
<cfset session.allowin = &quot;true&quot;>
</cfif>

the &quot;user has permissions&quot; condition checked the cookie for certain values. but i did not have any place where i was setting the variable to false !!

so, i just added:

<cfif &quot;user has permissions&quot;>
<cfset session.allowin = &quot;true&quot;>
<cfelse>
<cfset session.allowin = &quot;false&quot;>
</cfif>

so, now if the &quot;user has permissions&quot; condition fails, the session.allowin variable is set to false and the user does not have access to that area !!!!

i know it was a silly mistake - but took a while to figure it out

andyrau