I'm using cfa-secure to secure my application like this:
<cfa_secure storagetype="Session"
    securityContext="#request.cfa.activelsecuritycontexts#"
    username="#form.username#"
    password="#form.password#"
    formhandler="/ext_bygganytt/wwwroot/admin/login.cfm"
    r_bResult="bLoginOK"
    r_stUserProfile="request.stUserProfile">
As you can see, I have the "storagetype" property set to session; still,
information about which groups a user belongs to is stored in a cookie.
Let's say that I log in as Administrator. I then get all the menus that an
administrator should have on my site. Now I log out; the logout function
executes the following code and then redirects you to the login page again:
<cfa_logout storageType="Cookie">
<cfa_logout storageType="Session">
Now I log in as a regular user which does not have administrator rights; still, I
get the administrator menus. If I log out and then remove my cookies from my
computer and log in again with my regular user, I don't get
administrator rights.
I have searched my code for <cfcookie> and I've removed all hits I got but
still something sets a cookie with which users the administrator has.
And maybe I should mention that if I begin by logging in with a regular
user and after that I log in with the administrator account, everything is OK.
The problem is only when an administrator logs in.
// daniel