So, basically, the username and password are written out in plain text
in the cookie for anyone to steal. Great security.

Anyway, don't just trust the existence of the cookie - you need to log
the user in to your site with the username and password. Otherwise, I
can just manipulate my browser to set a cookie called
"mysite_loggedin" and get logged in to your site.

Read the value of the cookie from the COOKIE scope and send the
user|pass|pin to your code to log them in. Then, hope that no-one
executes a successful XSS attack on your users. Then, fire the .NET
developer.

mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

2009/4/2 Les Mizzell <lesm...@bellsouth.net>:
>
> I've got a client that's decided to try and use a .net login system
> written for one of their sites for *all* their sites, including the huge
> CF site I maintain for them.
>
> Looking at the .net code for this thing *really* reminds me why I like
> ColdFusion so much - sheesh, 15 or so files and a couple thousand lines
> of code to log somebody in?
>
> Anyway, it all comes down to the below if the login is successful:
> ----------------------------
> Response.Cookies["mysite_loggedin"].Value = user+"|"+pass+"|"+pin;
> Response.Cookies["mysite_loggedin"].Expires = DateTime.Now.AddDays(14);
>
> HttpCookie aCookie = new HttpCookie("mysite_loggedin");
> aCookie.Value = user+"|"+pass+"|"+pin;
> aCookie.Expires = DateTime.Now.AddDays(14);
>
> Response.Cookies.Add(aCookie);
> ----------------------------
>
> I'd like to be able to transfer those cookie values over to CF Session
> values, which thusly would have them counted as "logged in" on the CF
> Admin section of the CF site.
>
> I'm not .net literate - but could somebody point me in the right
> direction to be able to swap the .net cookies/values for CF session
> values? Ideas?
>
> 
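
The check described in the reply above, sketched in tag-based CFML as an added example that is not part of the original thread: the cookie's values are parsed and verified before any session state is set, so a hand-made "mysite_loggedin" cookie gets nothing. `loginFromSharedCookie` and `authenticateUser` are hypothetical names; the latter stands in for the site's existing login routine, and session management is assumed to be enabled.

```cfml
<!--- Added example. authenticateUser() is a hypothetical stand-in for the
      site's existing login routine; it must check user/pass/pin against the
      real credential store and return a boolean. --->
<cffunction name="loginFromSharedCookie" returntype="boolean" output="false">
    <cfset var raw = "">
    <cfset var first = 0>
    <cfset var last = 0>
    <cfset var user = "">
    <cfset var pass = "">
    <cfset var pin = "">

    <!--- No cookie: nothing to do. Its presence alone proves nothing. --->
    <cfif NOT structKeyExists(cookie, "mysite_loggedin")>
        <cfreturn false>
    </cfif>
    <cfset raw = cookie.mysite_loggedin>

    <!--- Expect user|pass|pin. Split on the first and last pipe so a
          password that itself contains "|" is not truncated (assumption:
          the username and pin never contain one). Empty fields are rejected. --->
    <cfset first = find("|", raw)>
    <cfset last = len(raw) - find("|", reverse(raw)) + 1>
    <cfif first LTE 1 OR last LTE first + 1 OR last GTE len(raw)>
        <cfreturn false>
    </cfif>
    <cfset user = left(raw, first - 1)>
    <cfset pass = mid(raw, first + 1, last - first - 1)>
    <cfset pin = right(raw, len(raw) - last)>

    <!--- Verify the values; only a successful check creates the session. --->
    <cfif NOT authenticateUser(user, pass, pin)>
        <cfset structDelete(session, "loggedIn")>
        <cfset structDelete(session, "username")>
        <cfreturn false>
    </cfif>

    <!--- Keep only what the CF admin section needs; never copy the
          password or pin into the session. --->
    <cfset session.loggedIn = true>
    <cfset session.username = user>
    <cfreturn true>
</cffunction>
```

The admin pages would then test `session.loggedIn`, never the cookie itself.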

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321258