OK .. so if 1 browser closes, it won't mess up the client session of another one that is logged in to the same site?
Todd ----- Original Message ----- From: "Nick McClure" <[EMAIL PROTECTED]> To: "CF-Community" <[EMAIL PROTECTED]> Sent: Wednesday, March 20, 2002 4:32 PM Subject: Re: Using Client Variables for security > You don't have to delete the cookies, just reset them! > > <cfcookie name="cfid" value="#cookie.cfid#"> > <cfcookie name="cftoken" value="#cookie.cftoken#"> > > notice the lack of the expires tag. this should remove the dates from the > cookies, which will cause the to expire when the browser is closed. > > At 04:21 PM 3/20/2002 -0500, you wrote: > >I prefer them too and we are using them in a database. The problem is, some > >dude with level 4 access closes the browser without logging off. Someone > >comes along within the 1 hour timeout limit and opens the browser and > >suddenly has access to level 4 commands, because they hijacked the identity > >of the other guy. Now, when the browser closes, I can delete the cookies, > >but that would ruin the session for the other browsers that are open in the > >site .. this is a bad thing. > > > >Any idea how I can kill Client variable session when closing a browser > >without killing all sessions for all browsers? > > > >Todd ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
