What's so bad with passing the username and password in the session structure? You wouldn't be able to steal anyone else's session unless you had a problem with firewalls, and you would end up having the same issue no matter what kind of management you used.
Robert Everland III Web Developer Extraordinaire Dixon Ticonderoga Company http://www.dixonusa.com -----Original Message----- From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] Sent: Monday, July 22, 2002 10:14 AM To: CF-Talk Subject: RE: Finding a good Session management system. > Wasn't a flame -- just a statement. > ~Todd >> So.. my advice to you is to do a <cfdump var="#session#"> (proper >> locks around of course) and take a good hard look at what really >> should / shouldn't be there. >> >> ~Todd I worked for a while at an education-management company ( they manage k-12 schools for people who own / operate them, but don't know what they're doing :) where I found username and password (among other things) in a dump of the session structure... ick... guess the management company didn't really know what they were doing either. :) Isaac Dealey www.turnkey.to 954-776-0046 ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
