To enforce your authentication logic, you should wrap all remote CFC calls in Application.cfc with this logic.
Unfortunately you're using CF8, so you can't use the onCFCRequest
method of Application.cfc to easily wrap all your remote requests. But you can do the same thing in onRequestStart
by checking if the target page ends in '.cfc'
.
<cffunction name="onRequestStart">
<cfargment name="targetPage">
<cfif right(targetPage, 4) eq '.cfc'>
<!--- Perform authentication check --->
<cfif not loggedIn>
<!--- Return "unauthorized" to the client --->
<cfheader statuscode="401">
<cfabort>
</cfif>
</cfif>
</cffunction>
Then, in your Ajax fail
handler, check for a 401 status code and display a message to the user indicating the need for logging in.