Lately, I've been doing some work with Greg Moser on the Slatwall Ecommerce plugin forĀ Mura CMS. The other day, I did a core upgrade on my local Mura development instance which I was using for Slatwall. All of a sudden, I couldn't access the Slalwall dashboard even though I was logged in as a Super Admin. No matter what I did, it seemed like I wasn't recognized as a privileged user.
After some hair-pulling and digging around, I finally figured out the issue. Slatwall has its own security/authentication system which hooks into Mura's user security system. Mura has used ColdFusion's native cflogin user authentication framework for a while. However, in the latest builds (as of version 5.4.4269), they have deprecated it as the default. There was code in the Slatwall plugin that was using cflogin functions like getUserRoles() and isUserInRole() that started returning empty strings after I upgraded Mura to the latest build, which was completely messing up the Slatwall security system. Fortunately, there is a setting you can use in your settings.ini.cfm file which confers backward compatibility with the old cflogin system. I added useLegacySessions=true to the settings and everything was back to normal. But knowing that cflogin is now "legacy" for Mura, the Slatwall security system will likely be refactored to not use cflogin code anymore. Also Matt Levine informed me that useLegacySessions will be set to true by default in the latest Mura builds.
Just thought I'd blog about this in case anyone out there is using cflogin stuff in a Mura plugin or other custom Mura code and has started running into issues.
10-8-2010
8-30-2010
6-1-2010
4-21-2010
4-1-2010