In that case, wouldn't you want to store the password in the cookie too? Perhaps hashed?
-----Original Message-----
From: Russ [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 29 November 2005 12:46 p.m.
To: CF-Talk
Subject: RE: pseudo-memory leak

Cookies are not very secure now, are they?

Let's say I was going to let the user be logged in, and I wanted that to persist... So I would do..

Client.userId=123456

Now, the user has no way to change that...

Now, let's say I store it in the cookie...

<Cfcookie name="userId" value="123456">

Now, the user can examine their cookies and know their userid. Worse, they can change the userid, and be logged in as a different user.

Russ
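
Added example, not part of the original thread and not ColdFusion code: one way to make the userId cookie described above tamper-evident is to append an HMAC computed with a key that only the server holds, so an edited id no longer verifies. The key, function names and sample ids are assumptions made for this sketch, written in Python.

```python
import hashlib
import hmac
import secrets

# Constructed key for this example; a real application loads it from
# server-side configuration and never sends it to the browser.
SERVER_KEY = secrets.token_bytes(32)


def _tag(user_id: str, key: bytes) -> str:
    """HMAC-SHA256 over the user id, hex encoded."""
    return hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_user_id(user_id: str, key: bytes = SERVER_KEY) -> str:
    """Build the cookie value 'userId.tag' that is sent to the browser."""
    return f"{user_id}.{_tag(user_id, key)}"


def verify_cookie(cookie_value: str, key: bytes = SERVER_KEY):
    """Return the user id if the tag matches, otherwise None."""
    user_id, sep, tag = cookie_value.rpartition(".")
    if not sep or not user_id:
        return None  # bare value such as "123456", or otherwise malformed
    expected = _tag(user_id, key)
    # compare_digest does not reveal how many leading characters matched
    if not hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        return None
    return user_id


def demo():
    """Issue a cookie, then replay it intact, with the id edited, and unsigned."""
    issued = sign_user_id("123456")
    edited = "123457." + issued.split(".", 1)[1]  # id changed, old tag kept
    return verify_cookie(issued), verify_cookie(edited), verify_cookie("123456")


if __name__ == "__main__":
    print(demo())
```

A value that verifies is still a bearer token for anyone who copies it, so it also needs an expiry and the Secure and HttpOnly cookie flags.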

