I’ve got a ColdFusion page that I want to include some admin level jQuery functions to authenticated users but I’m not sure what the best practice is for achieving this. Currently, I have a cfif statement inside my document.ready that checks to see if the user is logged in (session scope) and if so, runs a cfinclude to a file with the additional code in it.
Is this the most secure way to get the business done or is there a better way?
$(document).ready(function(){
<cfif #variable# IS "authenticated">
<cfinclude template="includes/theadminfunctions.js">
</cfif>
// a bunch of other code here...
});
Ok, well first thing is to point out that the cfif is not actually inside your document.ready function. As far as CF server is concerned, the JS is just text, no different to HTML or anything else.
The CFML runs on the server and generates text (HTML/JS), which is passed to the web server then across the internet, then the user’s browser interprets the text as HTML+JS.
Some of CF’s functionality can blur the distinction there, by hiding some of the back and forth, but it’s important to know what’s actually happening: your CFML is generating text/code, but doesn’t directly interact with that JavaScript.
But anyway, back to the main question… the way you’re doing it is ok, but not necessarily the best way. JavaScript should be in separate files so they can be cached/refreshed individually of the page. Also, depending on what your JS can contain, you may want to block access to the file itself.
Since you’re using CF-level login checks, the way to do that is to use a CFM file for your JS and add a check at the top of the file.
I would probably do it like this:
Then inside loggedin.cfm you would have:
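
An added example, not the answerer's code: one way to write a CFM file that serves the admin JavaScript only to logged-in sessions, with the check at the top of the file as the answer describes. The session key `session.userStatus` is an assumption; the include path is the one from the question.

```cfml
<!--- Added example: gate admin-only JavaScript behind the CF session check. --->
<!--- Assumption: the login code sets session.userStatus to "authenticated" (hypothetical key). --->
<cfsetting showdebugoutput="false">

<cfif NOT structKeyExists(session, "userStatus") OR session.userStatus NEQ "authenticated">
    <!--- Not logged in: send no script at all, only a 403 status. --->
    <cfheader statuscode="403">
    <cfabort>
</cfif>

<!--- The response depends on the user's session, so keep shared caches from storing it. --->
<cfheader name="Cache-Control" value="private, no-store">
<cfheader name="X-Content-Type-Options" value="nosniff">

<!--- Discard whitespace generated so far and label the output as JavaScript. --->
<cfcontent type="text/javascript; charset=utf-8" reset="true">

<!--- Assumption: direct requests to the .js file are blocked at the web server,
      or the file is stored outside the web root, so it is only reachable through this check. --->
<cfinclude template="includes/theadminfunctions.js">
```

The page loads this with a script tag whose src points at the .cfm file instead of inlining the code. Any server-side endpoint the admin functions call still needs its own session check, since withholding the script does not restrict the requests themselves.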