i created a login system but i want to know without using cflogin, how can i call my checklogin page i onrequest or onrequest to make sure all pages being browsed are member only pages, my page which is checklogin checks if logged in, navigate to index.cfm, but includfing that in redirect will happen redirect too many imes, i was thinking to create a validation.cfm file and call it on onrequest method so everytime request is made, it checks that file first and then continue next, but my confusion lies how can i stop that file to be executed in the login page and check login page and logout page maybe i am understanding wrong but that is what i am going through as of now

Have you tried using onRequestStart() in your Application.cfc ?

just add an explict allowlist to the on request validation?

Or set a session variable during login and then check for that on every request, many ways to implement this 😉

still gonna need a allowlist for the login pages, I think he's probably already using a session var?

yeah, we usually have a controller that runs on every request checking stuff based of the session scope when using a login system, so that's another way to do it

add a global include in the header for "validate.cfm" which just checks for the session var state

Thanks all, i am aware of all themethods you mention, missing the one @zackster mentioned, i do not like validate.cfm approach as it has to be called on every page eventually i can use my onrequest method but stating should i just call validate.cfm on request or onrequeststart method along with using explicit list of excluding files, can you show some pseudo code of this

there's no difference and i'd stick to the onRequest as it's 2022 not 2022