Remember you can also use a datasource on your server to store the client
variables, like CFID and CFToken. So this is an alternative to using cookies
to enable Session Management.
regards,
larry
--
Larry C. Lyons
EBStor.com
8870 Rixlew Lane, Suite 201
Manassas, Virginia 20109-3795
tel: (703) 393-7930 x253
fax: (703) 393-2659
http://www.ebstor.com
http://www.pacel.com
email: [EMAIL PROTECTED]
Chaos, panic, and disorder - my work here is done.
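As an added illustration of the datasource-backed, cookieless setup mentioned above (example code written for this thread, not taken from any poster): the datasource name "clientVarsDSN" and the file/page names are assumptions, and the datasource has to be registered as a client-variable store in the CF Administrator first.

```cfml
<!--- Application.cfm (assumed file): sessions and client variables without a
      CFID/CFTOKEN cookie. Client variables live in the "clientVarsDSN"
      datasource (assumed name) instead of the registry or a cookie. --->
<cfapplication
    name="cookielessDemo"
    sessionmanagement="yes"
    clientmanagement="yes"
    clientstorage="clientVarsDSN"
    setclientcookies="no">

<!--- somepage.cfm (assumed file): with no cookie set, the server only
      recognises a returning visitor if CFID and CFTOKEN arrive with the
      request, so every internal link has to carry session.URLToken
      (which expands to CFID=...&CFTOKEN=...). --->
<cfoutput>
  <a href="page2.cfm?#session.URLToken#">Next page</a>
</cfoutput>

<!--- Redirects can append the same pair automatically. --->
<cflocation url="page2.cfm" addtoken="yes">
```

Note that a token carried in the URL shows up in server logs, browser history and the Referer header sent to any external site you link to, so this trades the cookie-theft exposure discussed in the thread for a different leakage path rather than removing it; serve the pages over HTTPS and avoid outbound links from token-bearing pages.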
--
"Owens, Howard" <[EMAIL PROTECTED]> wrote in message
news:9231D56B8281D211B8E400A0C9D60B828D0982@VSNT02...
>
> Well, to me, the main issue isn't what CF does or doesn't do with cookies
> ... it's user perception. This is one more feather in the cap of the
> anti-cookie maniacs. Wait until the media reports this -- "Cookies Steal
> User Identities ... film at 11" It could get ugly.
>
> My latest programming methodology has relied on cookies and my attitude has
> been anti-cookie fanatics be damned. If you disable cookies you can't use
> my site!!! This whole new security hole undercuts my primary argument:
> There is nothing wrong with cookies. Well, now, we find out, there is. I
> don't know if that's going to change much of what I'm doing because the
> actual value of exploiting this hack is rather slim, it seems to me.
>
> I like session vars. I want to use session vars (not to mention client
> vars). I shouldn't need to jump through the hoops of passing session vars
> through URLs and hidden input fields (sort of defeats the purpose, doesn't
> it?). For now, I'm going to keep using cookies as I've been using them.
>
> However ... friggin' frackin' Microsoft!!!!!!!!!!!
>
> H.
>
> =========================
> Howard Owens
> Web Producer
> InsideVC.com
> mailto:[EMAIL PROTECTED]
> =========================
>
> > -----Original Message-----
> > From: Sharon DiOrio [SMTP:[EMAIL PROTECTED]]
> > Sent: Tuesday, May 16, 2000 12:56 PM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: RE: "You have nice cookies .. mind if I have a look?"
> >
> > Because the web is "stateless", each http request is independent of the
> > previous ones. So the web server (any web server, not just CF) needs a way
> > to establish that multiple http requests belong to the same user.
> > Therefore, session state needs to be maintained either by setting cookies
> > or by passing a unique ID in URL variables.
> >
> > In Cold Fusion SESSION management, the temporary cookie only contains CFID
> > and CFToken, values that mean nothing except to the Cold Fusion server that
> > set them; having them stolen is less of a security risk than setting
> > discrete cookies with user-specific information.
> >
> > Sharon
> >
> > At 12:44 PM 5/16/2000 -0700, paul smith wrote:
> > >Nope. You only need session vars
> > >to maintain a session state.
> > >You need to set cookies on your
> > >visitor's 'puter if you want them
> > >to be able to login automagically.
> > >
> > >best, paul
> > >
> > >At 03:04 PM 5/16/00 -0400, you wrote:
> > >>I thought cookies had to be enabled for session scoping to work?
> > >
> >
> > > ------------------------------------------------------------------------------
> > > Archives: http://www.eGroups.com/list/cf-talk
> > > To Unsubscribe visit
> > > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> > > send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.