Phils Answer is spot on, but this is a nice FYI:

You can utilise CFLOGIN, provided you have Anonymous Access turned off via
IIS.

This works just as effective as the also returns the domain and piggy
backs NT Authentications encoded cookie.

What this also means, is instead of doing a parser routine with the CGI
variables, you can simply use isUserInRole() to determine if that user is
infact logged in. You can also of course use getAuthUser() to simply
return the users login name.

There is a flaw with using such a systems though, in that when you "log"
someone out, all it does is wipeaway their roles access, their Username
will still return "DOMAIN/Barness" when invoking getAuthUser().

So bare this in mind.

Also, when you use the NT Authentication (ie Active Directory) method, the
password will be encoded within the cookie, giving as Spike stated @MXDU,
people access to your password if they have access to such a cookie.

Either solution you choose, i recommend you use IsUserInRole() to
determine if a user is infact logged in, as this will save your ass big
time. In using such a method, you of course have to set a unique role for
all members (ie i'd use something like "UserIsLoggedIn") to provide a
true/false result in find if a user has been logged in.

Scott Out.


---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]

MX Downunder AsiaPac DevCon - http://mxdu.com/

Reply via email to