Title: cflogin bug: logging into cfide.adminapi.administrator component logs user out of application
Status/Resolution/Reason: Closed/Fixed/
Reporter/Name(from Bugbase): Rafael Salomon / Rafael Salomon (Rafael Salomon)
Created: 06/19/2013
Components: Security, Authentication
Versions: 10.0
Failure Type:
Found In Build/Fixed In Build: Final /
Priority/Frequency: Major / All users will encounter
Locale/System: English / Win 2008 Server x64
Vote Count: 0
Problem Description: If a user is logged into a ColdFusion application with cflogin and calls the login() function on the cfide.adminapi.administrator component, they are logged out of the application.
Steps to Reproduce:
Create 2 files:
1. Application.cfc:
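<cfcomponent>
  <cffunction name="onRequest">
    <cfargument name="thePage" type="string" required="true" />
    <!--- The cflogin body runs only when no user is logged in for this request --->
    <cflogin>
      <cfif IsDefined("url.logmein")>
        <!--- Log the application user in (empty password and roles, test only) --->
        <cfloginuser name="user" password="" roles="">
      <cfelse>
        <br>not logged in
        <br>[<a href="index.cfm?logmein=true">log me in</a>]
        <cfabort>
      </cfif>
    </cflogin>
    <!--- Reached only when a user is logged in: render the requested page --->
    <cfinclude template="#arguments.thePage#">
  </cffunction>
</cfcomponent>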
2. index.cfm:
<cfif IsDefined("url.doadminlogin")>
  <cfset adminObj = CreateObject("component","cfide.adminapi.administrator")>
  <cfset adminLoginSuccess = adminObj.login("XXX")><!--- replace XXX with actual password --->
  <cfoutput><br>adminLoginSuccess=[#adminLoginSuccess#]</cfoutput>
</cfif>
<br>hi
<br>[<a href="index.cfm">refresh page</a>]
<br>[<a href="index.cfm?doadminlogin=true">do admin login</a>]
3. point your browser to index.cfm
a) you should see a login link, click on it
b) you should see "hi" plus two links
c) click the "refresh page" link to verify that you're still logged in
d) click the "do admin login" link
e) click the "refresh page" link. you should still be logged in, but you won't be
Actual Result:
e) you are no longer logged in
Expected Result:
e) you should still be logged in
Any Workarounds:
Not that I'm aware of.
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3581568
External Customer Name: Rafael Salomon