The server needs *somthing* to distinguish each client. You must pass the CFID and CFTOKEN from the client to the server one way or another. Either by setting client cookies (the standard) or through the URL on each page. You will need to do the latter if you cannot set cookies.
Looking at your original code, you might want to use CFLOCATION instead of your javascript to do the redirect. CFLOCATION automatically appends the CFID and CFTOKEN values when it does the redirect unless you set addtoken="no". -- Josh ----- Original Message ----- From: "Mullai Subbiah" <[EMAIL PROTECTED]> To: "CF-Talk" <[email protected]> Sent: Friday, November 17, 2006 3:55 PM Subject: Re: Mysterious Session Timeout > Thank you. I have taken over this code from another programmer. I guess we > set client cookies to no 'cause of security concerns. The clients dont > have their cookies enabled. I am now totally confused on the settings of > <cfapplication>. > > I am setting CFID to session.cfid and similar for CFToken so in case the > user decides to close the browser then he will be logged out. So I guess I > will have to pass the CFID and CFTOken in each of the URL, links etc., But > is it possible to maintain the session without using cookies. > > I am totally confused after reading about this issue for the past two > days. > > Mullai > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:260979 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
