We have an internal page that we use to control things on our website. It's sort of like a home-brewed CMS, but it doesn't hold actual content. It just stores details about the pages (page title, contact person, date created, etc) and allows us to show newly added items on a "what's new" page.
To get into the thing, I have a list of authorized users in a database. I compare this list to a function that the server gives us called GetAuthUser()
I basically do a query to find that username in the database and pull out the associated rights, then assign them to session variables. This worked perfectly in CF8, but not in CF10.
Here's the code that worked before:
<cffunction name="onSessionStart">
<cfquery name="session.userdata" datasource="mydsn">
SELECT usernm, user_email, admin
FROM users
WHERE usernm = '#listlast(GetAuthUser(),"\")#'
</cfquery>
<cfif session.userdata.recordcount eq 0>
<cflocation url="noaccess.html" addtoken="no">
<cfelse>
<cfset session.rights = session.userdata.admin>
<cfset session.email = session.userdata.user_email>
</cfif>
</cffunction>
Any ideas why it blows up in CF10? I get the dreaded "Element RIGHTS is undefined in SESSION." deal.