On 3/24/06, Adam Churvis <[EMAIL PROTECTED]> wrote:
> If I'm not mistaken, *authorization* (not authentication) can't work across
> multiple CF servers -- clustered or not -- because there's no mechanism for
> specifying *roles* on any computer other than the one on which CFLOGINUSER
> was executed.

But if the cflogin cookie is there, the second server will automatically execute the cflogin/cfloginuser code, effectively re-logging in the user and re-assigning him the roles automatically. Besides the security concerns (username/password in the cookie), which can be somewhat mitigated using HTTPS, do you see any other issue with this?

Thanks.

