Are you running cflogin on EVERY rerquest? I believe it is required. Even though the insides will be ignored when you are logged in - I think CF has to "see" it to notice security crap.
On 2/23/07, Michael Beins <[EMAIL PROTECTED]> wrote: > In my application.cfm file I have session management and client management > turned on I do not specify the loginstorage so it is using cookies to store > login information. With the cflogin tags I call a custom tag I wrote to > handle the authentication. I pass it the user name and password received > from the login form and if authenticated I use the cfloginuser tag with in > the custom tag. I can log in just fine and use the secure section of my > site, I can find the cookie set by the cfloginuser tag, but the getAuthUser() > function returns an empty string. I have also verified that I am not passing > an empty string to the cfloginuser tag for the name attribute. > > Any ideas? > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create Web Applications With ColdFusion MX7 & Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270603 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
