Newbie security question....plz help

[michael2983]

Hello,

I have a simple admin section where users can login. I'm using a form (admin.html) that goes to a .cfm page which verifies if the login and password are correct(admin_check.cfm), if login & password are correct the user is redirected to a third page(third_page.html). How can I make sure no one can get to the third page without first going through the login(admin.html)? (I don't think I need session cookies...just something simple to check where user is coming from)

any help is greatly appreciated.......thanks.

 

[cfgoodies]

In admin_check.cfm, set a client variable after you have validated the user. Something like: <cfset client.loggedIn = &quot;true&quot;>

Then, make your third page (third_page.html) a CF page, instead of a html page. Just change it to &quot;third_page.cfm&quot;.

Finally, in third_page.cfm, include some logic like this:

<cfparam name=&quot;client.loggedIn&quot; default=&quot;false&quot;>
<cfif not client.loggedIn>
<cflocation url=&quot;admin.html&quot;>
<cfabort>
</cfif>

Just remember to set up client management. Usually this is done by including the following in your application.cfm file.

<cfapplication clientmanagement=&quot;yes&quot; setclientcookies=&quot;yes&quot;>

HTH,

Brad