I'm using the CFID and CFTOKEN in a session variable to be appended to urls.
It seems to me that if this is stored in a session variable and the session
expires in five seconds, that the variable should also cease to exist. It
seems I can come back at any time and the variable is still active. How can
I kill the variable when the session expires? If I don't kill the variable,
will storing the token and id in the session variable give me any security
at all?
What I WANT it to do is that when the session expires in the application,
after a reasonable amount of time, that the session.addToken will be deleted
and they have to log on again to resume looking at the pages.
Thanks very much for your help!
Britta
This is my Application file:
<cfapplication name="Customers"
clientmanagement="Yes"
sessionmanagement="yes" clientstorage="Registry"
sessiontimeout="#CreateTimeSpan(0,0,0,5)#"
applicationtimeout="#CreateTimeSpan(0,0,0,5)#">
<!--- Initialize application varibles --->
<cfif not isDefined("session.rollCount")>
<cfcookie name="isOn" value="testing">
<cfset session.addToken = client.URLToken>
<cfelse>
<!--- Check to see if cookies are on. If no, make a query string variable
with the CFID and CFTOKEN. --->
<cfset session.addToken = iif(not isDefined("cookie.isOn"),
DE("#client.URLToken#"), DE(""))>
</cfif>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
