
Accessing copied path after logged out

Participant, Oct 10, 2017

Hello people, I'm having an issue within a ColdFusion application.

The user logs in and accesses a page. The page contains two links: one to another cfm page and the other one to an image.

1. If I copy the URL of the image and then log out from the application, and then paste this URL into the address bar of any browser (which is within the same path) I will be able to see the image. This shouldn't be happening; the Application.cfm page should redirect my request to the login page.

2. However, if I do the same thing with the other link, the one that will take me to the cfm page, then the Application.cfm page will redirect the request to the login page, as it should.

Anyone with an idea how to avoid the behavior described in item 1?

Thank you

Correct answer

Advocate, Oct 11, 2017

You can't; the image is not constrained to ColdFusion. It does not call the application.cfm when you run anything other than a .cfm, .cfml or .cfc (ColdFusion extensions).

The image, like most media (css, js etc.), is being served by the web server. If you want to restrict access you will need to implement authentication on the web server level.

Your only real option is to output the image onto a page. So the page would still be a cfm; when requested it would process the application.cfm. You would never link directly to the image, just the page that is loading the image.

You would have to do something like cfimage (cfimage Code Examples and CFML Documentation) and writeToBrowser to stop the image URL from being seen.

Participant, Oct 11, 2017

Excellent advice and thank you very much for the explanation!

I will implement it.

Participant, Oct 11, 2017

Do you have an idea about how to deal with the same situation if the file is an Excel or PDF instead of an image?

Advocate, Oct 11, 2017

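You can do the same kind of thing but instead of using cfimage, you can use cfcontent / cfheader.

Something along these lines:

<!--- Send the response as an Excel file --->
<cfcontent type="application/vnd.ms-excel">
<!--- Download as an attachment with this file name --->
<cfheader name="Content-Disposition" value="attachment; filename=myfile.xls">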

Participant, Oct 11, 2017

Thank you once again

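The approach described in the answers above, as an added example that is not part of the original thread: a gate page that re-checks the login and streams a file kept outside the web root with cfheader and cfcontent. The page name `download.cfm`, the `session.loggedIn` flag, `login.cfm`, the directory path and the file list are all assumptions made for illustration, and session management is assumed to be enabled by the application.

```cfml
<!--- download.cfm (hypothetical name). Because this is a .cfm request,
      Application.cfm runs first; the check below is a second gate in case
      the shared login logic is ever changed or bypassed. --->
<cfif NOT structKeyExists(session, "loggedIn") OR NOT session.loggedIn>
    <cflocation url="login.cfm" addtoken="false">
</cfif>

<!--- Assumption: protected files live OUTSIDE the web root, so the web
      server itself can never serve them from a copied URL. --->
<cfset protectedDir = "/opt/app-data/protected/">

<!--- Allowlist (constructed sample entries). The URL carries only an id,
      never a file name or path, so a value such as ../../ cannot select
      an arbitrary file on disk. --->
<cfset files = structNew()>
<cfset files["1"] = { name = "report.xls", type = "application/vnd.ms-excel" }>
<cfset files["2"] = { name = "manual.pdf", type = "application/pdf" }>
<cfset files["3"] = { name = "photo.jpg",  type = "image/jpeg" }>

<cfparam name="url.id" default="0">
<cfif NOT structKeyExists(files, url.id)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<cfset item = files[url.id]>
<cfset fullPath = protectedDir & item.name>
<cfif NOT fileExists(fullPath)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- Keep the browser and shared caches from storing the protected file,
      otherwise it could still be shown after logout. --->
<cfheader name="Cache-Control" value="private, no-store">
<cfheader name="Content-Disposition" value="attachment; filename=""#item.name#""">
<!--- cfcontent streams the file as the response body; deletefile="no"
      leaves the original in place. --->
<cfcontent type="#item.type#" file="#fullPath#" deletefile="no">
```

Pages then link to `download.cfm?id=3` rather than to the file itself, so a URL copied before logout leads back to the login page.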