Thanks for the perspective and tip on the compact policy, Dave.
I'll check out compact policy and see about implementing that.
I also took the route today of having one client put the site on which
they have to perform site management using session variables in their
list of trusted sites, rather than lowering their acceptance standard of
all cookies. I haven't heard back from that client on whether that was
successful or not, but I don't see why it wouldn't be...
I'll let you know what happens...
Rick
> -----Original Message-----
> From: Dave Carabetta [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 04, 2003 12:13 AM
> To: CF-Talk
> Subject: Re: Why are my clients having so many login
> problems all of a
> sud den?
>
>
> > So, you're saying that the only time I would have to append
> > the CFID/CFTOKEN variables to URL's, etc., would be when
> > I have SETCLIENTCOOKIES to "No"? Otherwise, CF will
> > set client cookies even without ClientManagement = "Yes"?
>
> That is correct. If you think about it, that makes sense. CF
> needs to be
> able to set some sort of cookie, even for session variables.
> Otherwise, how
> would it know who's who? Setting ClientManagement="Yes"
> simply allows you to
> use client variables -- literally the ability to type <cfset
> client.myVariable = "value">. If that attribute is missing
> or is set to "no"
> in your <cfapplication> tag, CF will throw an error saying
> you can't use
> client variables.
>
> The SetClientCookies attribute, on the other hand, is the
> determinant as to
> whether or not CF will attempt to set a cookie or not when
> attempting to use
> a client or session variable. Since the default value of
> this attribute is
> "yes", most developers skip this tag and just make the
> (correct) assumption
> that CF will take care of the cookie.
>
> > Seems like I may be confusing the term "ClientManagement"
> > as it applies to cookies, thinking that it only, and not
> > "SessionManagement",
> > applies to cookies, when actually those terms refer to
> types of variables,
> > but also both involve cookies...would that be correct?
>
> Both ClientManagement *and* SessionManagement will attempt
> to set a cookie
> on the user's browser. Summary: Cookies are used in both
> instances. The only
> difference between the two forms of state management is that session
> variables are stored in server memory, while client
> variables are stored in
> the registry, cookies, or a database.
>
> > PS - I think the issue of why my some of my clients have
> had problems
> > accessing site management areas that involve cookies and session
> variables,
> > has to do with browser security settings, mostly. And the browser
> > version...
> > *AND* the use of AOL's software when trying to perform management
> functions
> > on their site. I had one user tonight trying to work
> throught the AOL
> > interface,
> > which was using IE 5.5, but was unable to maintain session state.
>
> I would agree with your assessment on browser settings being
> a partial, if
> not total, culprit. Since the media has put the fear of God
> in consumers
> concerning the supposed security risks of using cookies, the
> browser vendors
> raised the default security level in their respective
> browser products to
> counter the publicity. What you might want to look into are
> the obvious
> things you can do to help alleviate these problems. The one
> thing that comes
> to mind is the compact policy I mentioned earlier. It's easy
> to generate,
> and might help out on some of your issues. I found the link
> from IBM's site
> for more info:
>
> http://www.alphaworks.ibm.com/tech/p3peditor/
>
> Also, if this becomes a persistent headache for you, you may
> want to explore
> the possiblity of setting SetClientCookies to "no" and then manually
> appending the CFID/CFTOKEN to each link on your site. I know
> that sites like
> Verisign do this.
>
> Regards,
> Dave.
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
