Try Locking your session variables using CFLOCK -----Original Message----- From: Mark [mailto:[EMAIL PROTECTED]] Sent: Monday, April 09, 2001 1:01 PM To: CF-Talk Subject: Best way to identify users after authentication Hi all, We have a site that a user can log into using a username and password, and then they can update their personal account information. Currently, the user can only access if the username and password match those in the database, and then a cookie is set to be able to identify the user and allow retrieval of their account info and personal options. In about 2-3 cases out of 500, some users get somebody elses information (if you are Mary, you might have Jim's information). The system checks to see if cookies are enabled, and won't allow the user to login without having cookies turned on, so I'm not sure why this happens. Is this the best way to identify the user by using a cookie after authenticating? Or should a client or session variable be set instead? What's the most secure and reliable method? Thanks! Mark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
