Yea, I'm getting confused a bit. I'm looking at my openBD dump of a request page, and in the .CGI struct I see the following variables
AUTH_TYPE AUTH_USER REMOTE_USER I was doing some googling and I found this w3 document about http and looked at the 'authentication' section. http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html It says http authentication is for users who want to authenticate with a server. My userbase that user's need to authenticate to is not part of the server's user list. I have a database setup and the login script creates a session in OpenBD. If I want remote applications to be able to access the API i create with cfc's, should I just create a cfc function called 'login' that a remote app would send a username and hashed pw too, and the function would create a session? Am I correct in that sessions still stick if you create one via CFC remotely? Or no? -Jason -- online documentation: http://openbd.org/manual/ http://groups.google.com/group/openbd?hl=en
