User Guide

364 Chapter 19 Application Security
response is checked against the list of valid users defined for the current security
context.
If the user passes the authentication step, the requested page appears. The
application uses the CGI variables script_name and query_string to keep track of
the originally requested page so that it can display that page after the user is
authenticated.
All pages governed by this Application.cfm page (those in the same directory as
Application.cfm and in its subtree) automatically invoke this authentication test.
Note
To use this code in your own Application.cfm page, change the application name
and security context name to match your application and security names.
Example: Application.cfm
<cfapplication name="Orders">
<cfif NOT IsAuthenticated()>
  <!--- The user is not authenticated --->
  <cfset showLogin="No">
  <cfif IsDefined("form.username") AND IsDefined("form.password")>
    <!--- The login form was submitted. Try authenticating --->
    <cftry>
      <cfauthenticate securityContext="Orders"
                      username="#form.username#"
                      password="#form.password#"
                      setCookie="YES">
      <cfcatch type="security">
        <!--- Security error in login occurred. Show login again --->
        <h3>Invalid Login</h3>
        <cfset showLogin="Yes">
      </cfcatch>
    </cftry>
  <cfelse>
    <!--- The login was not detected. Show login again --->
    <cfset showLogin="Yes">
  </cfif>
  <!--- Show the login form --->
  <cfif showLogin>
    <!--- Recreate the url used to call the requested page --->
    <cfset url="#cgi.script_name#">
    <cfif cgi.query_string IS NOT "">
      <cfset url=url & "?#cgi.query_string#">
    </cfif>