At 11:25 PM 05/10/2001 -0500, you wrote:
>I am trying to debug a website that is using Session variables. The
>problem is I have one account that is not getting to log on to the website
>because the session variable that are sent to the DB are not in the
>DB. However, all the other accounts that are using this same website are
>allowed to log on to website using the same code.
>
>In my debugging I have discovered that when I log on using a good account,
>and then immediately use the back button on the browser and log on with
>the "bad" account I am able to get into the website.
You are storing CFID and CFTOKEN variables in the database, and
automatically logging users in based on that?
If you log in with a good account, hit the back button... I bet the
'bad' account logs back in as the good account.
Without knowing how you are implementing any of this, I'm not sure.
You may want to make sure that you are logging out before logging back
in. (I.E. deleting all session variables and the CFID and CFTOKEN cookies )
Jeffry Houser | mailto:[EMAIL PROTECTED]
AIM: Reboog711 | ICQ: 5246969 | Phone: 860-229-2781
--
Instant ColdFusion 5.0 | ISBN: 0-07-213238-8
Due out June 2001
--
DotComIt, LLC
database driven web data using ColdFusion, Lotus Notes/Domino
--
Half of the Alternative Folk Duo called Far Cry Fly
http://www.farcryfly.com | http://www.mp3.com/FarCryFly
--
If it's the thought that counts you can always count on me
I think about you all the time
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
