Session Management of Non-CFM files

[TBJ]

I have a directory which contains cfm and NON-cfm files. The user has to login
before accessing the site. I am using session variables to track
authentication. However, most of the files are HTML. Is there a way to make
sure the user has logged in before viewing the HTML files. Right now, once they
login to the site via cfm files they could easily bookmark the html pages and
still get right in without loggin in? I tried sandbox security but that didn't
help either.

[cf_menace]

Usually you
[url]http://www.macromedia.com/cfusion/webforums/forum/messageview.cfm?catid=7&thread[/url]
id=453031&arctab=arc

But with HTML files, you can just create a CFM page with session checking at
the top, then <cfinclude> the HTML file if the session is active. All they'll
see is getPage.cfm?fileID=123.

[Mike Greider]

I think cf_menace's suggestion is a good idea. Ideally, you could move all of
your HTML files under the web root and just cfinclude them from a cfml
template. However, I believe you could also have coldfusion handle HTML files.
By default, ColdFusion is just handling CFM, CFC, etc files and the webserver
is handling JPGs, HTML, etc. By allowing CF to handle HTML files, it still
executes the Application.cfm and executes your authentication code. Not sure
how to do it in MX 6.1, but in CF 5 with Apache, you just change this config
line AddHandler type-coldfusion cfm txt to AddHandler type-coldfusion cfm
txt htm html This is all off the top of my head, so you might have to tinker
around a bit to get your desired results, but I think the idea works.

[sdwebguy99]

You should be able to change the settings in IIS for .HTM files to use the same parser as CFM files. I think that is what you want to do.

[TBJ]

Thanks for the suggestions. I will try them out.