Hi Gordon,
You need to be a tad careful here. Consider that the .js and .css files are inside the web folder (well at least a sub directory of the web folder) and are static, but are certainly required _before_ the user logs in (so they can, um, get to the login page <g>).
That said, restricting static files to logged in users is possible - there are two approaches;
a) the easiest is to put restricted files in the \web\loggedin folder.
Files in this folder can only be served to people who are logged in.
[aside: there's also a \web\secure folder for files that can only be served over SSL. Surprisingly there isn't a folder though for "must be logged in AND SSL" but if your server only does SSL anyway, then the \web\loggedin folder is sufficient ]
[aside: these are default names, \web\loggedin and \web\secure, and can be changed - there are properties in the class for them, but unless there's a _really_ good reason to change the name there isn't much point in doing so. ]
b) The more complicated approach allows you to inspect each request, and make some sort of decision as to whether it's ok or not to serve it. You can code this into the WebHandler, ProcessGet method, before the parent call. If you choose _not_ to allow the file then set the property self.DontSendFile = true.
Typically you'd also do a self.SendError as well. So, for example;
  if self.GetSessionLoggedIn() = 0 and instring('\mypage.htm',lower(self.RequestFileName),1,1)
    self.SendError(401, 'Not Logged In', 'You need to Log In before you can view that page')
    self.DontSendFile = true
  end
As mentioned earlier you probably don't want to filter out _all_ static files, but you could exclude all files not in say the scripts, styles, or images folders. Something like this;
  if self.GetSessionLoggedIn() = 0
    if Instring('\scripts\',lower(self.RequestFileName),1,1) or |
       Instring('\styles\',lower(self.RequestFileName),1,1) or |
       Instring('\images\',lower(self.RequestFileName),1,1)
      ! static assets needed before login: fall through and let the parent call serve them
    else
      self.SendError(401, 'Not Logged In', 'You need to Log In before you can view that page')
      self.DontSendFile = true
    end
  end
Cheers
Bruce
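Added example, not part of Bruce's post and not NetTalk code: a Python model of the ProcessGet decision above, comparing the "folder name anywhere in the path" test with one anchored to the first folder below the web root, so a nested folder that happens to be called images is not exempted from the login check. It assumes RequestFileName is a full disk path under the web folder; WEB_ROOT, the sample paths and all function names are constructed for illustration.

```python
from pathlib import PureWindowsPath

WEB_ROOT = PureWindowsPath(r"c:\site\web")        # constructed web folder (assumption)
PUBLIC_FOLDERS = {"scripts", "styles", "images"}  # folders named in the post


def substring_public(request_file: str) -> bool:
    """The Instring-style test: the folder name may appear anywhere in the path."""
    name = request_file.lower()
    return any(f"\\{folder}\\" in name for folder in PUBLIC_FOLDERS)


def anchored_public(request_file: str) -> bool:
    """Stricter test: the FIRST folder below the web root must be a public one."""
    path = PureWindowsPath(request_file.lower())
    try:
        parts = path.relative_to(WEB_ROOT).parts
    except ValueError:          # not under the web root at all
        return False
    if ".." in parts:           # refuse paths that climb back out of the folder
        return False
    return len(parts) >= 2 and parts[0] in PUBLIC_FOLDERS


def decide(request_file: str, logged_in: bool, is_public=anchored_public):
    """Return (send_file, status), mirroring DontSendFile and SendError(401)."""
    if logged_in or is_public(request_file):
        return True, 200
    return False, 401


if __name__ == "__main__":
    samples = [                 # constructed request paths
        r"C:\Site\Web\scripts\jquery.js",
        r"C:\Site\Web\mypage.htm",
        r"C:\Site\Web\reports\images\q3-chart.png",
        r"C:\Site\Web\scripts\..\mypage.htm",
    ]
    for s in samples:
        print(f"{s:45} substring={decide(s, False, substring_public)} "
              f"anchored={decide(s, False)}")
```

In Clarion the anchored form amounts to comparing the start of the path below the web folder rather than calling Instring over the whole name.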