Barry Beattie wrote:
1) have you tried this with different configs of IE? security,
cookies, etc
No, I didn't have enough time to do anything but confirm what was
happening (I had some more important things to get to). I thought I'd
report it and see if anyone else had noticed this.
2) how exactly are you destroying the cookie when the user closes the
browser (ie: not logs out first)?
Simply using the default for the expires attribute, if I recall correctly.
3) since the security object is still session scoped, is the old hack
(in Applcation.cfm) to destroy sessions on browser close any use to
you for your IE problem?
<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
<cfset cfid_local = Cookie.CFID>
<cfset cftoken_local = Cookie.CFTOKEN>
<cfcookie name="CFID" value="#cfid_local#">
<cfcookie name="CFTOKEN" value="#cftoken_local#">
</cfif>
Actually, what I've done to fix it was also simply check if the cookie
was gone too, and if so, reinstantiate the security object in the
session. It doesn't really need to be "secure," so I wasn't too worried
about the session still being open after the browser is closed. In
fact, this doesn't hurt if it does need to be secure, since the actual
info is being stored in the cookie (ie, the user still has to re-login)
I just thought it was strange that the session was closing in firefox,
while not doing so in IE. I wouldn't have thought that was a browser
thing.
I can certainly see how the cookie may act differently with the browser
(for example, one may choose to never let it expire, I suppose, or not
let it expire when it is supposed to), but the session ... I would have
thought at the worst, it should act exactly the same as a normal cookie
would act.
But, I have to admit I'm having trouble seeing what that code does.
Well, I'm fairly sure I know what it does, but I just don't see how it
would help (unless it is doing something completely different from what
it says it does, or unless I've read it wrong)..
-Sam
You are subscribed to cfcdev. To unsubscribe, please follow the instructions at
http://www.cfczone.org/listserv.cfm
CFCDev is supported by:
Katapult Media, Inc.
We are cool code geeks looking for fun projects to rock!
www.katapultmedia.com
An archive of the CFCDev list is available at
www.mail-archive.com/[email protected]
