This also may be painfully obvious, but you are using a <cfapplication> tag in your application.cfm file (or somewhere else that runs towards the beginning of _every_ page)?
Regards Darren Tracey Systems Analyst HR Systems and FastTrack, Web and Integration Services p: + 61 7 3232 4091 (x64091) f: + 61 7 3232 4744 e: [EMAIL PROTECTED] l: Lvl 3, 388 Queen St Brisbane QLD 4000 m: Suncorp IPC IT048, GPO Box 1453, Brisbane QLD 4000 > -----Original Message----- > From: Tom MacKean > Sent: Thursday, 7 April 2005 4:55 PM > To: CFAussie Mailing List > Subject: [cfaussie] Weird session behaviour > > > Hi all, > > I'm having some dramas with the admin part of my site. > > I have users logging in with user name and pasword. I then check the > username and password against a list in the database. Code is: > <!--- ======================================================= ---> > <cfquery name="qThisUser" dbtype="query"> > SELECT * > FROM application.users <!--- defined in Application.cfm ---> > WHERE user_name = '#GetAuthUser()#' > </cfquery> > > <cfquery name="qUserClinic" dbtype="query"> > SELECT * > FROM application.clinics <!--- defined in Application.cfm > ---> > WHERE clinic_id = #qThisUser.clinic_id# > </cfquery> > > <cfset session.thisuser = StructNew()> > <cfset session.thisuser.user_name = qThisUser.user_name> > <cfset session.thisuser.user_firstname = qThisUser.user_firstname> > <cfset session.thisuser.user_surname = qThisUser.user_surname> > <cfset session.thisuser.user_roles = qThisUser.user_roles> > <cfset session.thisuser.clinic_id = qUserClinic.clinic_id> > <cfset session.thisuser.clinic_name = qUserClinic.clinic_name> > <cfset session.thisuser.clinic_shortname = qUserClinic.clinic_shortname> > <cfset session.thisuser.clinic_type_id = qUserClinic.clinic_type_id> > <cfset session.thisuser.clinic_hasdates = qUserClinic.clinic_hasdates> > > <!--- ======================================================= ---> > > So I end up with this session structure that I can use to check whether > a user should be on a page, write their name to the db to track when > they make a change, display only the right stuff for them, etc. A case > in point, when I log in it says "Welcome Tom" on each page. > > To my thinking (and I'm obviously wrong), this session scope structure > should only hang around for a particular browser session. When I go to > another computer and log in as someone else, it should not continue to > say Welcome Tom on each page (until I refresh). > > It appears that the server is somehow storing the session structure and > applying it to future logins. > > For the most part, I've been making up this login thing as I go along - > bits and pieces from books and demo sites, etc, and I don't understand > it that well. > > Can someone see where I'm going wrong? If you email me, I will give you > access to the site so you can see what I mean. > > Many thanks, > > Tom MacKean > www.sydneyivf.com > > NOTICE: Medical and scientific information provided in print and > electronically by Sydney IVF might not be relevant to your own > circumstances and should always be discussed with your own doctor before > you act on it. This communication is confidential and may contain > copyright or otherwise protected information of Sydney IVF Limited or a > third party. If you are not the intended recipient of this communication > please immediately let us know by reply email or telephone us on +61 2 > 9221 5964, delete the communication and destroy all copies. > > > --- > You are currently subscribed to cfaussie as: [EMAIL PROTECTED] > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Aussie Macromedia Developers: http://lists.daemon.com.au/ ----------------------------------------------------------------------------------- This e-mail is sent by Suncorp-Metway Limited ABN 66 010 831 722 or one of its related entities ("Suncorp"). Suncorp may be contacted at Level 18, 36 Wickham Terrace, Brisbane or on 13 11 55 or at suncorp.com.au. The content of this e-mail is the view of the sender or stated author and does not necessarily reflect the view of Suncorp. The content, including attachments, is a confidential communication between Suncorp and the intended recipient. If you are not the intended recipient, any use, interference with, disclosure or copying of this e-mail, including attachments, is unauthorised and expressly prohibited. If you have received this e-mail in error please contact the sender immediately and delete the e-mail and any attachments from your system. If this e-mail constitutes a commercial message of a type that you no longer wish to receive please reply to this e-mail by typing Unsubscribe in the subject line. --- You are currently subscribed to cfaussie as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
