http://livedocs.adobe.com/ Macromedia LiveDocs - online documentation with user feedback. Copyright 2009, Macromedia, Inc. 2009-11-26T10:58:18 en-us http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/appSecurity4.htm#5367 In the section "About Web Server Authentication", items 1 and 2 are incorrect. The web server does not present a login page, nor does the user submit a login page. It should say:<br /><br />1. The web server notifies the browser that the requested page requires credentials (e.g., a login name and password).<br />2a. The browser prompts the user for the credentials.<br />2b. The users supplies the credentials and the browser send the credentials back to the web server along with the original request. a440guy 0 0 2004-01-16T14:11:21 http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/appSecurity4.htm#5363 In the description of CFLOGIN (in the table), it states:<br /><br />"The body of the tag runs only if there is no logged-in user". <br /><br />This is not correct. It should say:<br /><br />"The body of the tag runs only if the user requesting the page [or perhaps 'encountering the tag' is not logged-in." a440guy 0 0 2004-01-16T13:24:25 http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/appSecurity4.htm#695 Comment from carehart@systemanage:<br><br>A line above incorrectly states regarding CFLOGOUT:<br><br>"If you do not use this tag, the user is automatically logged out when the session ends."<br><br>That's not true. CFLOGINUSER authentication has nothing to do with sessions. It will end when the CFLOGINUSER IDLETIMEOUT time has passed since the user's last visit, or if they close their browser.<br><br>Indeed, 3 of the 4 references to "session" on this page should be reworded to refer to not be confused with CF sessions. (One refers to browser "sessions" which could also stand to be reworded.)<br><br>Also, with respect to browser close causing a logout, with IE if you opened windows from the currently authenticated one (using File>New>WIndow or Ctrl-n), those share the same non-persistent cookie and therefore all must be closed to log the user out.<br> rnielsen 0 0 2002-09-16T13:41:00 http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/appSecurity4.htm#425 The text for cookieDomain is incorrect. It does not limit logins to a domain - rather - it lets you specify the domain of the cookie that is used to mark a user as logged in. You would use this if you had a cluster with machine names like x.foo.com, x2.foo.com, etc. This lets the cookie work for all machines in the cluster. jedimaster 0 0 2002-05-30T12:39:00