In the second case, I would actually call something like SiteUser.getAuthenticatedUser() passing in the username and password and returning a loaded site user which could be put into session scope (depending on your session implementation you may have to just put an ID into the session scope and reload the user for each page request).
By putting the user in the session scope you would not have to pass in the session to any of the methods in your security class, right? Example: <cfset session.siteuser = application.siteUser.getAuthenticatedUser(username,password) /> I kind of thought that Kevan's idea of passing in everything in the session scope was a little strange, but perhaps I am not getting it. -Aaron You are subscribed to cfcdev. To unsubscribe, please follow the instructions at http://www.cfczone.org/listserv.cfm CFCDev is supported by: Katapult Media, Inc. We are cool code geeks looking for fun projects to rock! www.katapultmedia.com An archive of the CFCDev list is available at www.mail-archive.com/[email protected]
