Session and client are not shared variables to other users. -----Original Message----- From: Jeffry Houser [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 9 July 2002 2:02 AM To: CF-Talk Subject: Re: Variable Scopes / Multiple Sites
It could be unusual, or then again perhaps not. I can assume that if one person creates a variable named "Password" and another person is able to access it then that the variable must be in one of the shared scopes (I.E. application, session, or client). If two different templates are using the same application name (on the same ColdFusion server), then they share the same application variables. Are database queries involved? Without proper use of transaction locking, you may experience problems with the wrong value being returned from a query. I doubt you could randomly reproduce this type error 100% of time, though, but I would expect it to show up commonly on a high-traffic site. Consider this scenario: PersonA registers PersonB Registers PersonA creates their user PersonB creates their user PersonA selects their password from the database, using 'order by userID desc' PersonB selects their password from the database , using 'order by userID desc' Both PersonA and PersonB will return the same password value. ______________________________________________________________________ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
