Hi Tom, I had this happen years ago.. though it may not be the same cause, this solution may work for you.
Perhaps the page is being cached somewhere, so you can work towards preventing this by ensuring every page request has a unique url. Heres what i do.. Put this code somewhere in application.cfm (or equivalent) <cfset tkn = "cfid=#session.cfid#&cftoken=#session.cftoken#&dts=#dateformat(now(),'dd mmyy')##Timeformat(now(),'hhmmss')#" /> Then on urls and form actions.. <a href="index.cfm?this=that&#variables.tkn#"> If you dont fancy passing cfid and token around in the url (some ppl dont), then substitute it with something else user related.. (or something random) Hope this helps. Cheers, Adam -----Original Message----- From: Tom MacKean [mailto:[EMAIL PROTECTED] Sent: Thursday, 7 April 2005 4:55 PM To: CFAussie Mailing List Subject: [cfaussie] Weird session behaviour Hi all, I'm having some dramas with the admin part of my site. I have users logging in with user name and pasword. I then check the username and password against a list in the database. Code is: <!--- ======================================================= ---> <cfquery name="qThisUser" dbtype="query"> SELECT * FROM application.users <!--- defined in Application.cfm ---> WHERE user_name = '#GetAuthUser()#' </cfquery> <cfquery name="qUserClinic" dbtype="query"> SELECT * FROM application.clinics <!--- defined in Application.cfm ---> WHERE clinic_id = #qThisUser.clinic_id# </cfquery> <cfset session.thisuser = StructNew()> <cfset session.thisuser.user_name = qThisUser.user_name> <cfset session.thisuser.user_firstname = qThisUser.user_firstname> <cfset session.thisuser.user_surname = qThisUser.user_surname> <cfset session.thisuser.user_roles = qThisUser.user_roles> <cfset session.thisuser.clinic_id = qUserClinic.clinic_id> <cfset session.thisuser.clinic_name = qUserClinic.clinic_name> <cfset session.thisuser.clinic_shortname = qUserClinic.clinic_shortname> <cfset session.thisuser.clinic_type_id = qUserClinic.clinic_type_id> <cfset session.thisuser.clinic_hasdates = qUserClinic.clinic_hasdates> <!--- ======================================================= ---> So I end up with this session structure that I can use to check whether a user should be on a page, write their name to the db to track when they make a change, display only the right stuff for them, etc. A case in point, when I log in it says "Welcome Tom" on each page. To my thinking (and I'm obviously wrong), this session scope structure should only hang around for a particular browser session. When I go to another computer and log in as someone else, it should not continue to say Welcome Tom on each page (until I refresh). It appears that the server is somehow storing the session structure and applying it to future logins. For the most part, I've been making up this login thing as I go along - bits and pieces from books and demo sites, etc, and I don't understand it that well. Can someone see where I'm going wrong? If you email me, I will give you access to the site so you can see what I mean. Many thanks, Tom MacKean www.sydneyivf.com NOTICE: Medical and scientific information provided in print and electronically by Sydney IVF might not be relevant to your own circumstances and should always be discussed with your own doctor before you act on it. This communication is confidential and may contain copyright or otherwise protected information of Sydney IVF Limited or a third party. If you are not the intended recipient of this communication please immediately let us know by reply email or telephone us on +61 2 9221 5964, delete the communication and destroy all copies. --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/ --- You are currently subscribed to cfaussie as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
