As you may (or may not know), CFMX introduced a new security system called roles-based security. If you haven't checked out the feature, I encourage you to take a quick look at it. Unfortunately, being a 1.0 feature, has a few 'issues' with it. Here is one I found today:
The <cfloginuser> tag marks a user as being logged in. From that moment onward, getAuthUser() should return the username of the user. However, it will NOT return anything until after the closing <cflogin> tag. So, when you first log the user in, you can't call getAuthUser().
Here is a sample script:
<cfloginuser name="foo" password="foo" roles=""> <cfoutput>Test1=#getAuthUser()#<p></cfoutput>
When you run this test, only the line beginning with Test2 will work correctly.