Hi All
Just after your comments regarding security. I'm using Hal Helms' extended
Fusebox, and in the top-level index.cfm I have added a simple custom tag,
<cf_clearUser>:
<!--- clearUser.cfm --->
<cfparam name="Client.Authenticated" default="No">
<!--- check if new browser session and if so clear settings --->
<cfif not IsDefined("Cookie.newBrowser")>
    <cfcookie name="newBrowser" value="Yes">
    <cfset Client.Authenticated = "No">
    <cfset temp = DeleteClientVariable("UserName")>
    <cfset temp = DeleteClientVariable("UserRoles")>
</cfif>
I allow the user to visit the site without a login; if they do log in, more
functions are available. However, if they exit the browser, I want their user
details cleared, so that the next user cannot get access to the secured
functions without doing their own login.
The idea above is that when a user visits the site, a memory-based cookie is
created. Each time index.cfm is processed, if the cookie exists, it knows the
user and he has not closed the browser. But if Cookie.newBrowser does
not exist, it's a new browser session and any client user variables should
be deleted.
Your thoughts?
Cheers
Gary
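
A variant of the tag above, added here as an example and not part of the original post: the memory-only cookie carries a random value that is compared against a copy kept in the Client scope, so the check rests on the cookie's value rather than only on its presence. The file name, the cookie name browserToken and the variable Client.BrowserToken are hypothetical, and the sketch assumes client variables are stored server-side (registry or datasource), not in cookies.

```cfml
<!--- clearUserToken.cfm: added example; file, cookie and variable names are hypothetical --->
<cfparam name="Client.Authenticated" default="No">
<cfparam name="Client.BrowserToken" default="">

<!--- Same browser session only if the cookie exists AND matches the server-side copy --->
<cfset sameBrowser = false>
<cfif IsDefined("Cookie.browserToken") and Len(Client.BrowserToken)>
    <cfif Compare(Cookie.browserToken, Client.BrowserToken) eq 0>
        <cfset sameBrowser = true>
    </cfif>
</cfif>

<cfif not sameBrowser>
    <!--- Marker missing or mismatched: treat as a new browser session and drop login state --->
    <cfset Client.Authenticated = "No">
    <cfset temp = DeleteClientVariable("UserName")>
    <cfset temp = DeleteClientVariable("UserRoles")>

    <!--- Issue a fresh random marker; omitting EXPIRES keeps the cookie memory-only --->
    <cfset Client.BrowserToken = CreateUUID()>
    <cfcookie name="browserToken" value="#Client.BrowserToken#">
</cfif>
```

A missing, stale or mismatched cookie all take the same path: the login state is cleared and a new marker is issued, so the user simply has to log in again.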