I am trying to implement session management on a website I am building with coldfusion. Currently, the site authenticates via IIS 7 using the "Requires Authentication" setting that requires users to log into the web server before any page is served. This, however, is not ideal. It appears that the session management does not work when users are automatically logged on by using the IIS 7 authentication.
Currently my CGI variables get set once IIS authenticates, then the user information is set based on the authenticated username. I am halted from ending a session because IIS is still authenticated on that open browser, and until the browser window is closed, the site is still active.
I was trying to make sense of LDAP, but that is new to me (Active Directory is something I have not used much of, but the people who I'm helping love it). I was not sure if I would be able to create a simple login form and then have that check against active directory, for the hopes of not making people memorize yet another password, and just let them use the same password they use on the network.
Any assistance would be greatly appreciated.