That's actually a known issue with <CFLOGIN> and <CFLOGOUT>. It was discussed at MAX. The only way to make sure it works correctly is to remove the cookies manually after your <CFLOGOUT> tag. Using <CFLOGIN> with sessions also has a bug. I went to an entire session on <CFLOGIN> and the basic answer was to either handle it manually or don't use it until the Blackstone production release. John Burns
________________________________ From: Phillip Perry [mailto:[EMAIL PROTECTED] Sent: Thu 11/4/2004 7:34 PM To: CF-Talk Subject: CFLOGOUT Hi, I'm using the cflogout tag but I don't think the session was logged out. I managed to delete the cookie but the user can still get into the protected area after logout. This is the code for logout i'm using... <cflogout> <cfif IsDefined("cookie.ISTHISPERSONLOGGEDINORWHAT") EQ "Yes"> <cfcookie NAME="ISTHISPERSONLOGGEDINORWHAT" VALUE="Yes" EXPIRES="NOW"> </cfif> <cflocation url="http://localhost/applewood/mycommunity/index2.cfm"> I thought that the cflogout was supposed to get rid of the session. Can someone shed some light on this please? Thanks Phil ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183515 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54