> I just checked again after two hours and it's still doing it.
> They installed 4.5.1 yesterday and I'm sure they changed a lot
> of stuff on the server in the process, but other pages in the
> site aren't doing this. Would someone please check their server
> and tell me if it is doing the same thing?
The CF Administrator is just a CF application. It uses Client and Session
variables, and sends cookies to the browser to associate a specific user
with a session. These cookies are persistent, and therefore if you open your
browser, log into the CF Administrator, close your browser, then reopen it
before the session has expired, your session variables are still available.
If you want to secure the CF Administrator, you should use the security that
your web server provides. Optimally, this means Basic Authentication through
SSL; if you don't have SSL, you might use NTLM Authentication or Basic
Authentication. This will require configuring the web server, rather than
CF, to request a username and password before it allows you access to the CF
Administrator.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
