Jennifer,
The problem isn't with session management; it's with the cookies that are
being written to your browser. This is not a bug in 4.5.1-I believe
Allaire's always handled the administrator this way. Regardless, it's not a
bug-it was done this way by design.
What they're doing is creating a cookie that lasts for as long as a browser
window is open. The only way to kill the session is to close all your
browser windows and re-open your browser.
-Dan
+--------+---------------------------+
| name | Dan G. Switzer, II |
|company | PengoWorks.com |
| www | http://www.pengoworks.com |
| mailto | [EMAIL PROTECTED] |
+--------+---------------------------+
-----Original Message-----
From: Jennifer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 12, 2000 6:23 PM
To: [EMAIL PROTECTED]
Subject: RE: 4.5.1 administrator security
I just checked again after two hours and it's still doing it. They
installed 4.5.1 yesterday and I'm sure they changed a lot of stuff on the
server in the process, but other pages in the site aren't doing this. Would
someone please check their server and tell me if it is doing the same thing?
At 04:45 PM 4/12/00 -0400, you wrote:
>The login authentication is cached so that once you log in, the pages are
>accesible for around 20 minutes (by default) I think this is more of a web
>server concern than a ColdFusion issue.
>
>-----Original Message-----
>From: Jennifer [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, April 12, 2000 2:56 PM
>To: [EMAIL PROTECTED]
>Subject: 4.5.1 administrator security
>
>
>I just noticed something that I think is bad, so I hope somebody has found
>a setting for this. Since the client uninstalled 4.0 to install 4.5.1 for
>Solaris, some of our settings (particularly the debugging settings) were
>lost. I can get to the administrator remotely, so I logged in to add the
>debugging settings. 20 minutes later (or maybe longer), I had to go back to
>the administrator to check a setting, so in a different window of the same
>browser program, I went to the administrator address again (by selecting
>the bookmark). When I went to the address, I was automatically logged in. I
>closed the window, opened a new window and tried again to make sure that I
>had really done that the first time. The same thing happened. So I exited
>the browser and reopened it. When I tried to go to the administrator, I had
>to login.
>
>I don't want to have anybody with access to my browser being able to change
>things in the administrator because I haven't closed it recently enough. I
>have looked for a setting to turn this off, but I haven't found one. I'm
>not suspecting that anyone around here would start changing the server
>settings through my browser, but I would prefer that they were unable to.
>---------------------------------------------------------------------------
-
>--
>Archives: http://www.eGroups.com/list/cf-talk
>To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
>send a message to [EMAIL PROTECTED] with 'unsubscribe' in
>the body.
>---------------------------------------------------------------------------
---
>Archives: http://www.eGroups.com/list/cf-talk
>To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
>send a message to [EMAIL PROTECTED] with 'unsubscribe' in
>the body.
----------------------------------------------------------------------------
--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
