My responses are below. -Mike Chabot
>>Some notes: no, you don't generally use cflock or cfcookie with client >>variables. Adding these to your code are unlikely to solve the >>problem. > > Ok, so when/why does one use client variables? I used them because every > piece of documentation I had said that's what you use to track variables > between pages (if you won't want to use sessionID/token and such in the url. Client variables aren't used much in practice. They are used to retain values across sessions, which is also accomplished by storing values in a database table. Client variables are inappropriate for this scenario for a number of reasons that would take a while to describe. The biggest reason not to use them is because session variables are the better choice. You don't need to modify URLs to use session variables if you are allowed to make use of cookies. The free ColdFusion Developers Guide that Adobe distributes should describe this. If you haven't read this book yet I would encourage it. >>If you are using client variables to track whether a user is logged >>in, you may wish to reconsider. I would not recommend doing this. > > Ok, can you explain why? (I would have to rework the entire site to change > it.) Because session variables are a much better choice for many reasons that would take too long to describe. The developer's guide has more information on this topic. The majority of CF sites use session variables to track whether a user is logged in. There is also the cflogin tag. A few other options exists that might be better suited for larger organizations or places where security is very important. >>I wouldn't store client variables in a cookie > > I don't know how else to store them... the server does that automatically. > When I create the site all the docs I read said they were stored in memory > which was my main reason to use them (to avoid cookies altogether). If you go to cfadministrator you will see a bunch of storage locations. Database storage is not the default choice because you need to point it to a valid database table. CF administrator assists in creating the storage database table. Cookies are a good backup choice if you can't use a database table, but cookies are more limited and are less secure. It is very difficult to create a modern Web site that does not use cookies in some way. There is a difference between storing unreadable tracking tokens in a cookie and storing human-readable variables in a cookie. >>unless there is a good >>reason why the site isn't storing them in a database. > > I don't know how that would work... you make a DB inquiry on each page? (how > do you know what record belongs to each user?) It is done automatically behind the scenes. CF makes a database call at the start of every page request and makes another database call to write back any changes at the end of every page request. Nothing would need to be changed in the code by changing where client variables are stored. >>The first thing you might check is whether the URL switches from >>www.site.com to site.com, or some similar switch in the URL, which is >>the most common reason a cookie value can be lost. > > oh! I had no idea about that ... I'll look into that. > >>Another common >>reason is using cflocation on a page that sets a cookie value, which >>was more of a problem in older versions of CF. > > Well, when I use CFlocation I think I always choose "no" for the token > options. Nearly everyone chooses "no" for that attribute. Maybe change it to "yes" temporarily to see if it has an impact on the problem. > Thank you for your help... I hope it won't be too much time for you to reply. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-newbie/message.cfm/messageid:5062 Subscription: http://www.houseoffusion.com/groups/cf-newbie/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-newbie/unsubscribe.cfm
