How about a login HTML page that is outside the appication. When the user logs in you instantiate the application name (after processing the login). You would need an application name to handle exceptions too - otherwise it would error out. When the user provides the information and you know what company they belong too you set up the application name that pertains to that company - then store it in a session variable and reuse it in the cfapplication tag. Then you would have something like:
<cfapplication name="#somCompanyName#" ....> The application variables would only be written once for each number of companies you have (and you would have that many applications), and they would remain within the scope of that company. I'm not really sure it would work - having clearly never tried it, but hey ... it's an idea <ha>, and it solves that whole URL variable thing. Mark -----Original Message----- From: Shawn Grover [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 5:32 PM To: CF-Talk Subject: Need Suggestions - Multiple instances of application. We need to allow our users to have access to one or more company's data at a given time. This is done through our application interface, but in essance would require a separate instance of the application for each company. I'm looking for ideas how to do this. The problem is this: We put company specific information into client variables. Opening a second company would overwrite the first's client vars. Previous contractors began looking at this issue, but did not complete it. They were passing a generated token on each call to new windows. However, from an implentation standpoint, the end user may change the URL parameter for the token (hacking), and the token was generated by simple math that may or may not have been sufficient to come up with a unique ID. One of our developers here has suggested using a database table in some way. Before we go down that road, I'm hoping to get some feedback on how others have handled this. Are these the only two feasible options? Placing a token of somesort in the URL parameters or Taking a database hit on each new page/window? I guess we can get into dynamic naming of cookies, but I think managing that would be a large issue. Thanks in advance for any ideas. Shawn Grover ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists