Don't CFLOGIN and CFLOGOUT also rely on session vars to track the user?
MB
Mark W. Breneman
-Cold Fusion Developer
-Network Administrator
Vivid Media
[EMAIL PROTECTED]
www.vividmedia.com
608.270.9770
-----Original Message-----
From: Tom Kitta [mailto:[EMAIL PROTECTED]
Sent: Monday, October 27, 2003 10:58 AM
To: CF-Talk
Subject: RE: CFMX 6.1 Session problems - help
I thought CFMX fix the session "jumping" problems that CF 5 had and thus
did away with the need to lock session vars, other then in race
conditions. Is this true? Is it possible that locking causes a
problem if CFMX?
[Tom Kitta]
As far as Macromedia is disclosing, there is no need for shared variable
locking if no race conditions are to occur. If you don't lock you shared
variables no memory corruption will occur in CFMX and above. However,
you
still need to lock if race conditions might occur. There is a tech note
about that on MM site which I have read a while ago.
As for users seeing each other's sessions - do you maybe use url
variables
for session storage? It was and is a common problem in session sharing.
Other than that, consider using security based solely on CF model
without
any session.userID stuff. In other words use CFLOGIN and CFLOGOUT.
TK
Thoughts?
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
