Is there a way to secure folders in ColdFusion, without the use of Application.cfc in every folder?

Question

The only way I can figure how to secure folders, is to include a basic Application.cfc in every-single-one including sub-folders.

If file /test/thisfile.cfm is secure and sends a user not logged in to the login page, however the folder /test/test2/ must also have an Application.cfc or a user could directly go to test/test2/thatfile.cfm without a problem.

I know there has to be a better way than this, I'm just not sure what it is and everything on Google is telling me to use the "Login Wizard" or to install a framework. Neither of which is an option for me.

Another consideration, this must work in MX 7 unfortunately. If there are better options in CF 9, then I would be happy to hear them, but the priority is MX 7.

Answer 1

Without an Application.cfc file or an MVC Framework, you can manually start each "secure" CFM file with a check for a session variable:

<cfif (NOT structKeyExists( session, "isLoggedIn" )) OR (session.isLoggedIn = false)>
    <cflocation url="/" />
</cfif>

Of course, this is a very laborious and not easily maintained practice, but sometimes you just work with what you got.