Nothing wrong with sessions, until you've experienced your first session corruption / leak - then you'll see why this isn't a good idea.
~Todd On Mon, 22 Jul 2002, Robert Everland wrote: > What's so bad with passing the username and password in the session > structure? You wouldn't be able to steal anyone else's session unless you > had a problem with firewalls, and you would end up having the same issue no > matter what kind of management you used. > > Robert Everland III > Web Developer Extraordinaire > Dixon Ticonderoga Company > http://www.dixonusa.com > > -----Original Message----- > From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 22, 2002 10:14 AM > To: CF-Talk > Subject: RE: Finding a good Session management system. > > > > Wasn't a flame -- just a statement. > > > ~Todd > > >> So.. my advice to you is to do a <cfdump var="#session#"> (proper > >> locks around of course) and take a good hard look at what really > >> should / shouldn't be there. > >> > >> ~Todd > > I worked for a while at an education-management company ( they manage k-12 > schools for people who own / operate them, but don't know what they're doing > :) where I found username and password (among other things) in a dump of the > session structure... ick... guess the management company didn't really know > what they were doing either. :) > > Isaac Dealey > www.turnkey.to > 954-776-0046 > > ______________________________________________________________________ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
