RE: disabled accounts...still able to log in

Thu, 14 Jun 2001 06:41:53 -0700 

Have you tried to stop and start CF before rebooting your machine.

We use Linux, but I know a on lot of the NT servers,
CF should be stopped and started now and then.

Herman
____________________
Herman A Cremer
Systems Engineer
SolidLiquid Pty Ltd
South Africa
+27 (0) 12 665 0636
____________________

-----Original Message-----
From: Tumy, Brad [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 14, 2001 3:48 PM
To: CF-Server
Subject: disabled accounts...still able to log in


I am working on a system developed in Cold Fusion that provides security
using NT based accounts that are synched with a Users table in a SQL
database. We also use session variables to authenticate and authorize. In
the Users table there are two fields that we use to see if the user should
be authorized or not.

We found a situation where out of several hundred disabled users, about 30
were still able to log in...we could log in using their accounts from
various workstations. After checking all of the usual suspects: log files,
event viewer, IIS settings, CF settings, checked the database for duplicate
records...etc, etc we found nothing wrong nor anything that would allow us
to correct this problem.
So, we reboot the server this morning and now those accounts are no longer
authorized.

I am guessing this has to do with the server not being rebooted for some
time and that there is some bug that caused the session variables to remain
active on these specific accounts.

If anyone has seen this behavior or knows how to resolve it I would
appreciate it...I know that I'll have to make sure the server is rebooted
more often...but that hardly seems like an appropriate solution nor would I
feel comfortable going to the client and telling them that they just need to
reboot more often.

Brad Tumy
IT Group

TB Department
BAE SYSTEMS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with 
'unsubscribe' in the body or visit the list page at www.houseoffusion.com

Reply via email to