Hi everyone,

My website has different types of profiles that our end users log into, which 
follow a simple hierarchy that goes as follows.

Administrator -> Super Users -> End Users

Where all Super Users are managed by the Administrator and each Super User 
manages a subset of all End Users.  Each profile is locked by a username and 
password from a login page. For debugging, auditing or support purposes 
sometimes it becomes very useful for the Administrator to log into the profile 
of one of his Super Users or for a Super User to log into one of his End Users' 
profiles since each profile contains different landing pages and content.  I'm 
trying to achieve this functionality without the need to look up that person's 
password (for obvious security reasons) so I've been toying around with 
different methods.

My first thought was to use CFHTTP but I've had no luck with it.  I thought I 
could simply do 

<cfhttp url="mylogincheck" method="post" redirect="true"> 
<cfhttpparam type="formfield" name="username" value="#username#">
<cfhttpparam type="formfield" name="password" value="#password#">
</cfhttp>

and it would redirect me much like a <cflocation> does except with form data 
being posted, but I couldn't get that desired behavior.  I gave up on this and 
did the following.

<cfoutput>
<form action="mylogincheck" method="post" name="login">
<input type="hidden" name="username" value="#username#">
<input type="hidden" name="password" value="#password#">
<script language="JavaScript">
document.login.submit();
</script>
</form>
</cfoutput>

Which works, but I'm concerned this is not the correct way and could possibly 
pose security issues since I'm technically creating an HTML page with someone's 
password even though the page redirects instantly. Would anyone care to tell me 
what I'm doing wrong with <CFHTTP> or, alternatively, if my concerns are 
unfounded and my solution is in fact secure?

Thanks,
Asaf 
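
An added example, not part of Asaf's post: one way to meet the stated goal without reading or sending the target's password is to switch the session identity server-side after checking the hierarchy, and to log who did it. The page name, the `users` table with its `role` and `managed_by` columns, the session keys, `application.dsn` and `index.cfm` are all assumptions.

```cfml
<!--- impersonate.cfm (hypothetical): table, column and session key names are assumptions --->
<cfparam name="form.targetUserId" type="integer">

<!--- Caller must already be logged in, and must not already be impersonating --->
<cfif NOT structKeyExists(session, "userId") OR structKeyExists(session, "impersonatorId")>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- The target must sit directly below the caller:
      Administrator -> Super Users, Super User -> his own End Users --->
<cfquery name="qTarget" datasource="#application.dsn#">
    SELECT user_id, role
    FROM users
    WHERE user_id = <cfqueryparam value="#form.targetUserId#" cfsqltype="cf_sql_integer">
    <cfif session.role EQ "administrator">
        AND role = 'superuser'
    <cfelseif session.role EQ "superuser">
        AND role = 'enduser'
        AND managed_by = <cfqueryparam value="#session.userId#" cfsqltype="cf_sql_integer">
    <cfelse>
        AND 1 = 0 <!--- End Users may not impersonate anyone --->
    </cfif>
</cfquery>

<cfif qTarget.recordCount NEQ 1>
    <cflog file="impersonation" type="warning"
           text="DENIED actor=#session.userId# target=#form.targetUserId#">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Audit first, then switch identity. No password is looked up or written to a page. --->
<cflog file="impersonation" type="information"
       text="START actor=#session.userId# target=#qTarget.user_id#">

<cflock scope="session" type="exclusive" timeout="5">
    <!--- Keep the real identity so it can be shown, audited and restored later --->
    <cfset session.impersonatorId   = session.userId>
    <cfset session.impersonatorRole = session.role>
    <cfset session.userId = qTarget.user_id>
    <cfset session.role   = qTarget.role>
</cflock>

<cflocation url="index.cfm" addtoken="false">
```

A matching "stop impersonating" page would copy `session.impersonatorId` and `session.impersonatorRole` back and delete those two keys.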
