> My only concern now is that if there are 10 different users
> who are going to hit this application.cfm code section
with
> "<cfif Len(Trim(getAuthUser())) NEQ 0><cfset
session.userID="282828">..."
> code, is there going to be any mixing up of
information.
Yes, there is going to be mix-up of information. However,
that would happen no matter where you put the code. The problem is
that you are giving every user a static, hard-coded ID.
If there is no need for a user ID, then don't use one.
Usually, if there is a need for it, then it has to be unique.
> Like for example, "John" might have just logged in and gone
> through <cflogin></cflogin> block, but then
right before we get
> to setting the session.userID, "Mary" might intervene
and
> then the session.userID gets mixed up.
That could happen with a variable in a scope higher up, for
example, with application.userID. However, sessions are distinct,
not shared between users. Even though John and Mary share the same
session.userID value of 282828, Coldfusion doesn't mix up their
respective values. It maintains the sessions in parallel. For
example, the code
<cfif getAuthUser() is "John">
<cfset session.userID = session.userID+1>
</cfif>
would raise John's session.userID to 282829, but Mary's would
still be at 282828.
The main trouble with setting a static, hard-coded
session.userID is that you couldn't then use it to make a
distinction like
"if session.userID equals such and such, then do such and
such". If you need unique IDs, then use, for example
<cfset session.userID = createUUID()>