I have a directory on my server named "documents" that I need to make sure users are authenticated (logged in) before they can access this directory.
The directory contains PDF documents.
Whats happening is that users are bypassing the log in process and directly accessing documents in this documents directory.
When my users log in a SESSION variable "allowin" gets set.
Normally I have an application.cfc or application.cfm file that will redirect the user to the login page if they dont have the session created.
For example if a user tried to access the site directly with a link and not log in they would not be allowed in and be redirected to the log in page.
Thats because the application runs each time a cfm page runs.
But when a user accesses the site at http://www.mysite.com/documents/test.pdf they get in because the application.cfm doesnt run and enforce the SESSION rule.
Because there is not an application.cfm file in the documents directory.
Any ideas on how to use CF to boot users to a login page that try to access a directory that does not contain an application.cfm or .cfc file?