Hi! Sorry for my late answer, I couldn't find the time to pursue this any earlier..
Paul Hastings wrote: > not really good w/cflogin & you're not showing all your code but i > always add <cfprocessingdirective pageencoding="utf-8"> to any > unicode pages as well as <cfset setEncoding("form","utf-8")>, etc for > form & url vars. We use the correct page encoding and set a BOM, but I also tried cfprocessingdirective in addition to everything else, but that didn't work either. As this is cflogin with HTTP Basic Auth, form variables are not an issue here. > what do you see if you dump out the form vars? what happens if you > stay w/utf-8 & use another password (like 'xxxx' or something)? As I said, there are no form variables as there is no form. When the password just contains plain ASCII chars, authentication works fine. What's more puzzling: The issue seems to be somehow browser related; using Opera 9.62, I can login successfully even when I use a password with non-ASCII chars, but all the other browsers I have tested (i.e. Safari 3.1.2 for Windows, Internet Explorer 7 and Firefox 3.0.4 for Windows, Safari 3.1 for Mac OS, Camino 1.5.1Int for Mac and Mozilla 2.0.0.12 for Mac) fail. Here's a full standalone example which reproduces this error on my servers: <!--- start of index.cfm ---> <cfsilent> <cfprocessingdirective pageencoding="UTF-8"> <cfscript> variables.strLogin='foo'; variables.strPassword='fürth'; variables.strRealm='Login für diese Seite'; REQUEST.userAuthenticated = false; </cfscript> </cfsilent> <cflogin> <cfif isDefined('CFLOGIN')> <cfif CFLOGIN.name eq variables.strLogin and CFLOGIN.password eq variables.strPassword> <cfset REQUEST.userAuthenticated = true> </cfif> </cfif> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>CF-Login-Test</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body> <cfif NOT REQUEST.userAuthenticated> <cfheader statuscode="401"> <cfheader name="WWW-Authenticate" value="Basic realm=""#variables.strRealm#"""> Login not successful. <cfelse> Login successful. </cfif> </body> </html> </cflogin> <!--- /end of index.cfm ---> The page is saved in Unicode (UTF-8) with BOM im DreamWeaver. When I call this page, I cannot log in. When I change variables.strPassword to something that only contains ASCII chars (no Umlauts, special chars), I can login. We're running ColdFusion 8,0,1,195765 Enterprise 64-bit standalone server install, Webserver is Debian's Apache 2.2.3-4+etch6. When I cancel authorisation, I get the following response header with Firefox on Windows: ------------ Date: Mon, 17 Nov 2008 12:43:38 GMT Server: Apache/2.2.3 (Debian) PHP/5.2.0-9~computec+2 proxy_html/2.5 mod_ssl/2.2.3 OpenSSL/0.9.8c JRun/4.0 Set-Cookie: CFAUTHORIZATION_=;expires=Sat, 17-Nov-2007 12:43:38 GMT;path=/ WWW-Authenticate: Basic realm="Login für diese Seite" Content-Language: de-DE Cache-Control: max-age=0 Expires: Mon, 17 Nov 2008 12:43:38 GMT Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 401 Unauthorized ------------ If i use a plain ascii password and login successfully, I get the following response header: ------------ Date: Mon, 17 Nov 2008 12:45:03 GMT Server: Apache/2.2.3 (Debian) PHP/5.2.0-9~computec+2 proxy_html/2.5 mod_ssl/2.2.3 OpenSSL/0.9.8c JRun/4.0 Set-Cookie: CFAUTHORIZATION_=;expires=Sat, 17-Nov-2007 12:45:03 GMT;path=/ Content-Language: de-DE Cache-Control: max-age=0 Expires: Mon, 17 Nov 2008 12:45:03 GMT Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 200 OK ------------ Any ideas on this? Kind regards Markus Computec Media AG Sitz der Gesellschaft und Registergericht: Fürth (HRB 8818) Vorstandsmitglieder: Johannes S. Gözalan (Vorsitzender) und Rainer Rosenbusch Vorsitzender des Aufsichtsrates: Jürg Marquard Umsatzsteuer-Identifikationsnummer: DE 812 575 276 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315357 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4