Dani Szwarc
Inspiring
October 10, 2017
Answered

Accessing copied path after logged out


Hello people, I'm having an issue within a ColdFusion application.

The user logs in and accesses a page. The page contains two links: one to another cfm page and the other one to an image.

1. If I copy the URL of the image and then log out from the application, and then paste this URL into the address bar of any browser (which is within the same path), I will be able to see the image. This shouldn't be happening; the Application.cfm page should redirect my request to the login page.

2. However, if I do the same thing with the other link, the one that will take me to the cfm page, then the Application.cfm page will redirect the request to the login page, as it should.

Anyone with an idea how to avoid the behavior described in item 1?

Thank you


    haxtbh (Correct answer)
    Inspiring
    October 11, 2017

    You can't, the image is not constrained to ColdFusion. It does not call the application.cfm when you run anything other than a .cfm, .cfml or .cfc (ColdFusion extensions).

    The image, like most media (css, js etc), is being served by the web server. If you want to restrict access you will need to implement authentication on the web server level.

    Your only real option is to output the image onto a page. So the page would still be a cfm, and when requested it would process the application.cfm. You would never link directly to the image, just the page that is loading the image.

    You would have to do something like cfimage Code Examples and CFML Documentation and writeToBrowser to stop the image URL from being seen.

    Dani Szwarc
    Inspiring
    October 11, 2017

    Excellent advice and thank you very much for the explanation!

    I will implement it.
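
The approach from the accepted answer (serve the image through a .cfm page so that Application.cfm runs on every request), as an added example that is not part of the original thread. It streams the file with cfcontent rather than cfimage's writeToBrowser; the page name image.cfm, the session.loggedIn flag, login.cfm and the storage path are assumptions.

```cfml
<!--- image.cfm: hypothetical gatekeeper page (added example, not from the thread).
      Because this is a .cfm request, Application.cfm runs before it and can
      redirect logged-out users, which never happens for a direct image URL. --->
<cfparam name="url.name" default="">

<!--- Defense in depth: re-check the login state here as well.
      session.loggedIn is an assumed flag set by the application's login code. --->
<cfif NOT structKeyExists(session, "loggedIn") OR NOT session.loggedIn>
    <cflocation url="login.cfm" addtoken="false">
</cfif>

<!--- Assumed storage directory OUTSIDE the web root, so the web server
      itself has no URL that maps to these files. --->
<cfset imageDir = "/var/appdata/protected-images/">

<!--- Accept only a bare file name with an allowed extension.
      This rejects path separators and ".." before any file access. --->
<cfif NOT reFindNoCase("^[a-z0-9_-]+\.(png|jpg|jpeg|gif)$", url.name)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<cfset imagePath = imageDir & url.name>
<cfif NOT fileExists(imagePath)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- Map the validated extension to its MIME type. --->
<cfset ext = lCase(listLast(url.name, "."))>
<cfset mimeTypes = {png = "image/png", jpg = "image/jpeg", jpeg = "image/jpeg", gif = "image/gif"}>

<!--- Ask browsers and proxies not to keep a copy that would outlive the session. --->
<cfheader name="Cache-Control" value="private, no-store">

<!--- Stream the file; cfcontent with the file attribute ends the response here. --->
<cfcontent type="#mimeTypes[ext]#" file="#imagePath#" deletefile="false">
```

Pages then reference `image.cfm?name=photo.png` (a constructed file name) instead of the image's own URL.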