The client variables would be used in case the user checks something like a 'Remember Me' checkbox upon logging in. Otherwise, of course you would be using session variables (unless you're on a load balanced server using CF Standard, which doesn't have session replication). In that case, it would be better to use client variables instead of session variables.

-----Original Message-----
From: Justin D. Scott [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 29, 2005 12:07 AM
To: CF-Talk
Subject: RE: pseudo-memory leak

> Client.userId=123456
>
> Now, the user has no way to change that... Now, let's say I store it in
> the cookie...

If your site is running on any kind of traffic, you should probably be using session variables for this kind of thing anyway.

> <Cfcookie name="userId" value="123456">
>
> Now, the user can examine their cookies and know their userid. Worse,
> they can change the userid, and be logged in as a different user.

Using an ID in a cookie in combination with something else, like a unique session hash cookie that changes upon login and gets checked against the database on every page load, you would be okay. Session variables are still more efficient in most cases though.

-Justin Scott
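
The scheme described in the quoted message (a user ID cookie paired with a random token cookie that changes on login and is checked against the database on every page load), as an added example that is not part of the original thread. It is written in Python so it runs stand-alone, with an in-memory SQLite table standing in for the site's database; the table name, function names and the `sessionHash` cookie name are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Stand-in for the application's database (assumption: one token row per user).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE login_tokens ("
           "user_id INTEGER PRIMARY KEY, token_sha256 TEXT NOT NULL)")


def login(user_id):
    """Call after credentials are verified; returns the cookies to set."""
    token = secrets.token_urlsafe(32)  # unguessable, new on every login
    digest = hashlib.sha256(token.encode()).hexdigest()
    # Only the digest is stored, so a leaked table does not yield usable cookies.
    # REPLACE rotates the token: cookies from an earlier login stop working.
    db.execute("INSERT OR REPLACE INTO login_tokens VALUES (?, ?)",
               (user_id, digest))
    return {"userId": str(user_id), "sessionHash": token}


def current_user(cookies):
    """Run on every page load; returns the user id, or None if not logged in."""
    try:
        user_id = int(cookies.get("userId", ""))
    except (TypeError, ValueError):
        return None
    row = db.execute("SELECT token_sha256 FROM login_tokens WHERE user_id = ?",
                     (user_id,)).fetchone()
    if row is None:
        return None
    presented = hashlib.sha256(
        str(cookies.get("sessionHash", "")).encode()).hexdigest()
    # Constant-time comparison of the presented token against the stored digest.
    return user_id if hmac.compare_digest(presented, row[0]) else None


if __name__ == "__main__":
    # Constructed sample users 123456 and 123457.
    mine = login(123456)
    login(123457)
    print(current_user(mine))                          # own cookies
    print(current_user(dict(mine, userId="123457")))   # edited userId cookie
```

Editing the `userId` cookie alone no longer switches accounts, because the token in the second cookie only matches the row for the user it was issued to.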

