Hi all,

We have a site that a user can log into using a
username and password, and then they can update their
personal account information.

Currently, the user can only get access if the username
and password match those in the database, and then a
cookie is set to be able to identify the user and
allow retrieval of their account info and personal
options.

In about 2-3 cases out of 500, some users get somebody
else's information (if you are Mary, you might have
Jim's information). The system checks to see if
cookies are enabled, and won't allow the user to log in
without having cookies turned on, so I'm not sure why
this happens.

Is this the best way to identify the user by using a
cookie after authenticating? Or should a client or
session variable be set instead? What's the most
secure and reliable method?

Thanks!

Mark