As you may (or may not know), CFMX introduced a new security system called roles-based security. If you haven't checked out the feature, I encourage you to take a quick look at it. Unfortunately, being a 1.0 feature, has a few 'issues' with it. Here is one I found today:
The <cfloginuser> tag marks a user as being logged in. From that moment onward, getAuthUser() should return the username of the user. However, it will NOT return anything until after the closing <cflogin> tag. So, when you first log the user in, you can't call getAuthUser().
Here is a sample script:
<cflogout>
<cflogin>
<cfloginuser name="foo" password="foo" roles=""> <cfoutput>Test1=#getAuthUser()#<p></cfoutput>
</cflogin>
<cfoutput>Test2=#getAuthUser()#</cfoutput>
When you run this test, only the line beginning with Test2 will work correctly.
Archived Comments
Interesting find. What might be the downsides to this? For instance, is there a time when you would want to access that function before the cflogin tag closes?
What does MM say... is this an issue that needs fixing?
It''s a known bug. That doesn''t mean it will be fixed, but it''s on their bug system.
5 years later this has still not been fixed, just got nailed by it in CF8.
The use case is that I want to update a database immediate when the user logs in (last login date, 3 of logins). I wanted to use GetAuthUser() in the query, which resides in the cflogin block. No dice.