Are you literally using the user's first name as the session variable? If so, I would not do this. If you have not done so, create a user table with a unique ID for each user and when they log in use that unique ID as the session variable for that user. Also check overall for variable naming to make sure that the same names are not being used for different variables and in addition make sure that all variables are fully scoped. I would also check that the user session variables are being deleted by checking if they still exist after they are supposed to have been deleted. One last tip, directly after log in I usually present the user with a screen saying something like "Welcome Joe Bloggs to xxx, if you are not Joe Bloggs please log in again". May seem obvious but it is a small double-check that something did not go wrong in the log on process.
Hope this is relevant and helps.

Mike Brunt
Sempra Energy
213.244.5226

"System Error: press F13 to continue..."

-----Original Message-----
From: Chris Bohill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 13, 2001 9:21 AM
To: CF-Talk
Subject: Having major problems with session variables

Hi,

Session Variables seem to be a hot topic at the minute, so I was wondering if anyone could shed some light or give some advice on the problem below.

We have a multiple user web based application that is all user-profile based.

User A is the site administrator with full access to the site.
User B is a member of company 1, and he can only see his company's data on the site.
User C is a member of company 2, and he can only see his company's data on the site.

What we are experiencing is a swapping of user profiles. User B is logging in as himself and is happily navigating through the site, gaining access to their own data, until they start to see information which is supposed to only be relevant to User C. User A is sometimes logging in, and is getting restricted access to the site because he has somehow inherited the profile of another user (who has a lower access privilege). Somehow the profiles are being swapped while the users are in the system.

We are using session variables for the profiling, and access privileges, but they somehow are getting mixed up. When we are calling session variables in a query on any individual page we have declared local variables corresponding to these at the top of the page, and referenced these throughout the rest of the page, see below,

    <cflock timeout="10" type="READONLY" scope="SESSION">
        <cfset Variables.chris = session.chris>
    </cflock>
    ........................
    <cfquery name="queryName" datasource="#mydsn#">
        Select * from table where user_id = #Variables.chris#
    </cfquery>

We are also using StructClear() to kill the session variables when the user logs out. I do not know what else to do, as the problem is still persisting.
Has anyone experienced this, or can they offer any advice or direction?

Cheers,
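
The checks suggested in the reply above (a unique user ID as the session key, fully scoped variables, a confirmation screen after login, and verifying that the session data is gone after logout), written out in CFML as an added example; it is not code from either poster. The users and company_data tables, their columns, login.cfm and the session_audit log name are assumptions.

```cfml
<!--- Added example. Table, column and file names below are hypothetical. --->

<!--- 1. login_action.cfm: getUser is assumed to run only after the
      credential check has passed; user_id is the users table's unique key. --->
<cfquery name="getUser" datasource="#mydsn#">
    SELECT user_id, company_id, full_name
    FROM users
    WHERE login_name = <cfqueryparam value="#Form.login_name#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>
<cfif getUser.RecordCount EQ 1>
    <cflock scope="SESSION" type="EXCLUSIVE" timeout="10">
        <cfset Session.userId    = getUser.user_id>
        <cfset Session.companyId = getUser.company_id>
        <cfset Session.fullName  = getUser.full_name>
    </cflock>
</cfif>

<!--- 2. Top of every protected page: read the session once under a
      read-only lock into fully scoped page variables. --->
<cfset Variables.userId = "">
<cflock scope="SESSION" type="READONLY" timeout="10">
    <cfif IsDefined("Session.userId")>
        <cfset Variables.userId    = Session.userId>
        <cfset Variables.companyId = Session.companyId>
        <cfset Variables.fullName  = Session.fullName>
    </cfif>
</cflock>
<cfif NOT IsNumeric(Variables.userId)>
    <!--- No profile in this session: send the visitor back to the login form. --->
    <cflocation url="login.cfm" addtoken="No">
</cfif>
<cfquery name="getCompanyData" datasource="#mydsn#">
    SELECT report_id, title
    FROM company_data
    WHERE company_id = <cfqueryparam value="#Variables.companyId#" cfsqltype="CF_SQL_INTEGER">
</cfquery>
<cfoutput>Welcome #HTMLEditFormat(Variables.fullName)#. If you are not
#HTMLEditFormat(Variables.fullName)#, please log in again.</cfoutput>

<!--- 3. logout.cfm: remove the profile keys, then confirm they are gone. --->
<cflock scope="SESSION" type="EXCLUSIVE" timeout="10">
    <cfset Variables.tmp = StructDelete(Session, "userId")>
    <cfset Variables.tmp = StructDelete(Session, "companyId")>
    <cfset Variables.tmp = StructDelete(Session, "fullName")>
    <cfset Variables.stillLoggedIn = IsDefined("Session.userId")>
</cflock>
<cfif Variables.stillLoggedIn>
    <cflog file="session_audit" text="Session profile survived logout">
</cfif>
```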

