Thanks for responding guys.. I am still a coldbox newbie so I
appreciate the help!
Makes a lot more sense now that I have a basic understanding of what's
going on. I have updated my code but from what I understand I am not
sure how this would work. If the interceptor gets cached in the
onApplicationStart the session variables will never exist. When I go
to grab the values in my pre process they are always undefined.
If the event is in the black list and the user is not logged in I want
to show the login form. That works, but even when I get "logged in" it
always shows the login screen because those session vars don't exist.
What am I missing?
<cfcomponent displayname="Security Interceptor" output="false"
extends="coldbox.system.interceptor">
<cffunction name="configure" access="public" returntype="any"
output="false">
<cfset setBlackList(getProperty("blacklist"))>
</cffunction>
<cffunction name="preProcess" access="public" returntype="void"
output="false">
<cfargument name="event"
type="coldbox.system.web.context.RequestContext" required="true">
<cfargument name="interceptData" type="struct" required="true">
<cfset var rc = event.getCollection()>
<cfset var oSession = getPlugin("SessionStorage")>
<cfif listContains(getBlackList(),rc.event)>
<!--- this page is a secure page and the user needs to be logged in
to get there --->
<cfif NOT oSession.exists("isLoggedIn") OR NOT oSession.getVar
("isLoggedIn")>