CFLOGIN problem with IsUserInRole

[johk02]

Hi,

I have a serious problem with the security regarding the login function. I am using CFLOGIN and it's features. The problem is when I switch btw 2 application without closing the browser window.
For example - if I log in to App 1 and it I get the role "Admin" and if I switch to App2 that requires you to log in as well and have the same Roles set up, I "bypass" the log in function. Are there any way to make the Roles unique for just on application??

Thanks

Jonas

 

[ecobb]

Do these applications have the same "name" in the cfapplication tag? If so, you'll need to change one of them.



Hope This Helps!

ECAR
ECAR Technologies, LLC

http://www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

 

[johk02]

Yes they do.
Should I give them a cryptic name for added security??

Thanks
Jonas

 

[ecobb]

It wouldn't hurt, but I don't think it will matter much. What's happening is that since both applications have the same name, CF sees it as the same application. So, if you're logged into one, you're logged into the other and CF will pass the info between the two.



Hope This Helps!

ECAR
ECAR Technologies, LLC

http://www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher