It doesn't work that way. Since your CFLOGINUSER call is inside a CFLOGIN call, that CFLOGIN call *won't* run when the second server sees your authentication cookie because CFLOGIN only runs when you are *not* authenticated. Respectfully,
Adam Phillip Churvis Certified Advanced ColdFusion MX 7 Developer BlueDragon Alliance Founding Committee Get advanced intensive Master-level training in C# & ASP.NET 2.0 for ColdFusion Developers at ProductivityEnhancement.com ----- Original Message ----- From: wolf2k5 To: CF-Talk Sent: Saturday, March 25, 2006 5:02 AM Subject: Re: cflogin and load balancing On 3/24/06, Adam Churvis <[EMAIL PROTECTED]> wrote: > If I'm not mistaken, *authorization* (not authentication) can't work across multiple CF servers -- clustered or not -- because there's no mechanism for specifying *roles* on any computer other than the one on which CFLOGINUSER was executed. But if the cflogin cookie is there, the second server will automatically execute the cflogin/cfloginuser code, effectively re-logging in the user and re-assigning him the roles automatically. Besides the security concerns (username/password in the cookie), that can be somewhat mitigated using HTTPS, do you see any other issue with this? Thanks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:236218 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54