Judson, I know we've collaborated on many posts. I appreciate that you are a 'thinker' and don't just swallow whatever is fed to you. I also followed links to your websites from another post and thought they were very good, oh, and I found your music to be very appealing.
Regarding the question at hand, I was wondering the intent of this code. It seems like you are simply testing to see if the person is logged in and if they are not redirect them to a page, but instead of a login page you are directing them towards the home page.
If I guessed correctly at the intent, I would typically do something like this..
1) make a list of secure folders (could also include top level file names)
2) check to see if the user is currently inside of a secure folder (which means it requires a login)
3) check to see if the user is logged in or not
4) load the login page and interupt the request (end the page load after the login.cfm)
<cfset secureFolders = "admin,myAccount,shopping">
<cif listFindNoCase(secureFolders, listLast(cgi.script_name,"/\"))> <!----- this is a secure folder ---->
<cfif NOT isDefined("session.userID") or val(session.userID) eq 0> <!---- no userID, so not logged in ---->
<cfinclude template="login.cfm">
<cfreturn false>
</cfif>
</cfif>
Ok, so long story short. This is very similar to what you're doing. I mention it in case I'm on the right track and it may give you ideas about securing only certain folders.
In your case, we are just avoiding the home page when checking for a login. If that's all you need, then that works. If you need more (some pages secure and others not) perhaps a bit more like the code I just posted?
