Alright, so I have an app I forgot I have that was written by a much better/older coder then myself, luckily I am allowed to look through it and it's teaching me a lot...i'm confused about something though...

in the application.cfm page, he has a parameter, "session.admin" it defaults to 0, which makes sense. When you log in, if you are an admin, it changes the session variable to 1...which also makes sense.

Although inside all of the pages that are supposed to be protected (and are protected) by this, I can't seem to find any code that seems to validate for that.

Essentially i'm looking for some kind of if statement checking the session.admin variable, but I can't see anything of the sort...which makes me wonder how in the world is the page secure, but it is.

Is there something i'm missing, or somewhere I should look, some file name that all CF developers use to make a list of protected pages?

Thanks