I prefer them too and we are using them in a database. The problem is, some dude with level 4 access closes the browser without logging off. Someone comes along within the 1 hour timeout limit and opens the browser and suddenly has access to level 4 commands, because they hijacked the identity of the other guy. Now, when the browser closes, I can delete the cookies, but that would ruin the session for the other browsers that are open in the site .. this is a bad thing.
Any idea how I can kill Client variable session when closing a browser without killing all sessions for all browsers?

Todd Ashworth
Macromedia Certified Professional Web Application Developer
SCD, Inc.
Oak Hill Business Park Suite H
8848 Red Oak Blvd.
Charlotte, NC 28217
704-523-0905 [178] (Voice)
www.scdinc.com

----- Original Message -----
From: "Nick McClure" <[EMAIL PROTECTED]>
To: "CF-Community" <[EMAIL PROTECTED]>
Sent: Wednesday, March 20, 2002 3:27 PM
Subject: Re: Using Client Variables for security

> I like client variables, in fact I prefer them, however I use a Database
> to store the vars in and not cookies.
>
> If you do it that way then the only difference between client and session
> is if they are stored in Web Server ram or the Database. The normal cookies
> will always be there no matter which side you use.
>
> At 03:23 PM 3/20/2002 -0500, you wrote:
> >Does anyone know of any good tutorials/articles about locking down a site
> >that uses Client variables for security? My boss seems to think Session
> >variables are the way to go and wants to go through the headache of
> >converting all of the Client Variables in our rather large intranet to
> >session variables. Obviously, I don't want to do this because I just know
> >about 30 things are going to break. I'm of the opinion that it mostly
> >doesn't matter which I use as long as everything is done right.
> >
> >One of the main concerns he has is what if someone closes the browser
> >without logging off. I gave him a way that could be taken care of. He
> >asked, won't that kill their session on all of the browsers they have open
> >on our site? I said, yep. He said, I don't want that. Anyone have any
> >ideas for me?
> >
> >Todd
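One way to handle the closed-browser case raised in this thread, shown as an added example that is not code from any of the posters: keep the client variables in the database, but issue the CFID/CFTOKEN identifiers as browser-session cookies instead of letting ColdFusion write persistent ones. The application name `intranet`, the datasource `intranetDSN`, the variable `Client.accessLevel` and the `URL.logoff` flag are assumed names.

```cfml
<!--- Application.cfm: added example; "intranet", "intranetDSN",
      "accessLevel" and "URL.logoff" are assumed names, not from the thread. --->

<!--- Weak form, for comparison. With setclientcookies left at its default
      of "Yes", ColdFusion writes CFID/CFTOKEN as persistent cookies, so a
      reopened browser is matched to the same stored client record:
      <cfapplication name="intranet" clientmanagement="Yes"
                     clientstorage="intranetDSN"> --->

<!--- Hardened form: client variables stay in the database, but ColdFusion
      no longer issues the persistent cookies itself. --->
<cfapplication name="intranet"
               clientmanagement="Yes"
               clientstorage="intranetDSN"
               setclientcookies="No">

<!--- Issue the identifiers ourselves. A cfcookie with no EXPIRES attribute
      is a browser-session cookie: it is never written to disk and is
      discarded when the browser exits. --->
<cfif NOT IsDefined("Cookie.CFID") OR NOT IsDefined("Cookie.CFTOKEN")>
    <cfcookie name="CFID" value="#Client.CFID#">
    <cfcookie name="CFTOKEN" value="#Client.CFToken#">
</cfif>

<!--- Every request starts from "no privilege" unless the stored client
      record for this CFID/CFTOKEN pair says otherwise. --->
<cfparam name="Client.accessLevel" default="0">

<!--- Explicit logoff: remove the privilege from the stored record rather
      than deleting cookies, so only this client record is affected. --->
<cfif IsDefined("URL.logoff")>
    <cfset removed = DeleteClientVariable("accessLevel")>
</cfif>
```

Windows belonging to the same running browser generally share session cookies, so the identifiers last until that browser exits rather than until one window is closed. The stored client record itself remains in the database until it is purged, but without the cookies a newly opened browser is assigned a fresh CFID/CFTOKEN pair and starts at access level 0.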
