Ryan,
> I have two questions that are slightly related:
>
> 1) I have an application with lots of different user profiles.
> If I log in as one user, and a colleague logs in as another user and
> changes his CFID and CFTOKEN to be the same as mine (for testing
> purposes), he is instantly given full access to my session.
> Is there any way I can stop this from happening (for example log them
> out if their CFID or TOKEN changes)?
>

Simple solution, but easy to get around, is to compare... No, it's gone... I forget what you're supposed to do. Whoops, sorry...

> 2) Does anyone know any JavaScript that will stop a user from clicking
> the Close button on their browser, and bring up an alert telling them
> they must log out?
>

Use the onUnload element on the BODY tag of your pages to call a page that will log the user out automatically.

Regards

Stephen