Redirecting using session variables. 2

[SteelDragon]

Ok, here's a new twist on a previous post I have not gotten a response on: I have a secure area on my web site, the users are authenticated in the CF page against a database. Session variables are on, and my security model works properly, What I need: I need to have a page where the user clicks on a button to go to a FTP, and gets redirected to the FTP site based on a variable that is contained in the DB and is also pulled in the query for the login. For example, if the user logs in, and clicks on the "FTP" link, he gets directed to the FTP based upon his group membership. Something like, Customers go to a public FTP, Partners go to the secure FTP. Is there a way to use CFIF and catch/throw to send these users to the proper URL? Please help, I'm in dire need of assistance.!!!!!!!

Thanks,
SteelDragon

 

[GunJack]

Are you looking to simply re-direct them to an ftp site via a browser link like &quot;ftp://ftp.mysite.com&quot; or are you trying to do something else? If it's the former, you should be able to just use <cflocation url=&quot;ftp://ftpsite.com&quot; addtoken=&quot;no&quot;>

I would think something like this would work.

<cftry>
<cfif userinfo.group is &quot;partner&quot;>
<cflocation url=&quot;ftp://partners.mysite.com&quot; addtoken=&quot;no&quot;>
<cfelse>
<cflocation url=&quot;ftp://ftp.mysite.com&quot; addtoken=&quot;no&quot;>
</cfif>
<cfcatch>
</cfcatch>
</cftry>

Hope this helps,
GJ

 

[SteelDragon]

GJ,

Ok, I can get it to redirect, the problem here now is, how to get my session variables to carry over so they do not have to log in to every page, I can't seem to figure that one out. Also, I do not want them to see the username and password for the FTP when I redirect, IE: I redirect to: FTP://eee:

http://www@123.456.789,

how do I redirect so they cannot see the path?

BTW, you've been awesome help, I am greatful for the assist... Still learning (on the job) no other choice but to kick myself till I get it right. I'm also the only one here that can do this... No-one else knows CF at all.

Thanks,
SteelDragon

 

[GunJack]

Hey Steel,

Glad I can help As far as passing the session variables goes, if every page uses the same application.cfm and you have your <cfapplication> tag there, the sesssion variables will exist on every page. One snag is if cookies are disabled, you will need to pass the cfid &amp; cftoken via url variables on every link and through every form ex.

<a href=&quot;page.cfm?cfid=#cfid#&amp;cftoken=#cftoken#&quot;>Next</a>
<form method=&quot;post&quot; action=&quot;page3.cfm?cfid=#cfid#&amp;cftoken=#cftoken#&quot;>
...
</form>

Passing them via url variables will keep the session alive even without cookies.

In regards to hiding the link, I don't believe there is any way to do this. The cflocation tag sends a re-direct response to the browser and gives it the full url. Since the default behavior for browsers is to display this, I don't think there is anything you can do to hide it. If you need to hide the login information, you could create a CF based FTP client that passes the username and password behind the scenes but that would be a good deal of work just to hide the login info.

Hope this helps,
GJ

 

[SteelDragon]

GJ,
Thanks, That should help, my App.cfm does control all of the pages and I should be able to use that session variable, I also thought of a way to hide the URL, that is to nest it in a frame and use JS to not allow the user to open it in another window, or to be able to view the source, let me know your thoughts on this.

Thanks,
SteelDragon

 

[GunJack]

Hey Steel,

That sounds like a good idea but they can always turn off JS and open it in another window. If the account you're trying to protect is an administrator account, I would be careful about that approach because it doesn't guarantee no one can get to it. If it's an ordinary account that you want to hide from the masses but poses no security threat, I'd say that's probably the best way to do what you want.

GJ