Yes, it's expected behaviour.  Your CFLOGIN tag will fire for
non-logged-in requests, and the cflogin structure will be populated by
HTTP Basic Auth credentials.  If you then validate that information
against a database or something, it's entirely possible to be logged
in to both "things" (apache and your app) with a single request.

If you want to avoid that from happening, I think the only thing you
can do is not use the CFLOGIN struct for your application-level
authentication, and instead use something else (like differently named
FORM fields).  I've never used HTTP auth with a CF application though,
so it's entirely possible (likely even) that I'm missing something.

cheers,
barneyb

On Fri, 10 Dec 2004 12:57:57 -0000, Edward Chanter <[EMAIL PROTECTED]> wrote:
> Dear All,
> 
> This is a bit of a weird one... I'm trying to use apache to protect a folder
> on the web server using the .htaccess file and relevant command lines to
> create users etc. After a bit of playing around with it I got it working
> just fine. Then I tried to implement a CF auth framework on the same
> directory using a known good mx code base, and suddenly when I log in via
> apache cf's GetAuthUser() function treats me as if I'm logged in as well...
> Is this something it's supposed to do or have I done something wrong when I
> was setting it up? More importantly is there a way to stop this
> behaviour...?
> 
> Thanks in advance for any insight  :-)
> 
> best wishes,
> 
>            -= Ed

-- 
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/blog/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Special thanks to the CF Community Suite Silver Sponsor - CFDynamics
http://www.cfdynamics.com

Message: http://www.houseoffusion.com/lists.cfm/link=i:14:3792
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/14
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:14
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.14
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Reply via email to