I like client variables, in fact I prefer them, how ever I use a Database to store the vars in and not cookies.
If you do it that way then the only difference between client and session is if they are stored in Web Server ram or the Database. The normal cookies will always be there no matter which side you use. At 03:23 PM 3/20/2002 -0500, you wrote: >Does anyone know of any good tutorials/articles about locking down a site >that uses Client variables for security? My boss seems to think Session >variables are the way to go and wants to go through the headache of >converting all of the Client Variables in our rather large intranet to >session variables. Obviously, I don't want to do this because I just know >about 30 things are going to break. I'm of the opinion that there it mostly >doesn't matter which I use as long as everything is done right. > >One of the main concerns he has is what if someone closes the browser >without logging off. I gave him a way that could be taken care of. He >asked, won't that kill their session on all of the browsers they have open >on our site? I said, yep. He said, I don't want that. Anyone have any >ideas for me? > >Todd > > ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
