Even if you pass the session.urlToken around in the URL, you must use cookies if you want to use session replication. If you can't use cookies, client variables and you must have session replication, you are left with rolling your own state management. My $0.02 is that you are going to end up with something that is damn close to client variables.

On 2/15/07, Mike Kear <[EMAIL PROTECTED]> wrote:
>
> His issue about the new token each time is mainly prompted by the
> issue of corporate users sharing the same IP. This is an app where
> there may be many users in a building accessing the site, and each
> will have his/her own permissions set. So he doesn't want one person
> having higher access than they deserve by accident. They could grant
> their management unit product they haven't been approved for.
>
> So it kind of makes sense.
>
> This is a product where the unit values are very high and a large
> organisation will buy lots of licenses, and one senior person in the
> organisation will allow the various operational units to have
> specified numbers of licenses and they'll be logging in to manage the
> licenses they have a right to.
>
> So he's not being silly about it, I can see where his mind is on it.
> Not quite sure how it's all going to work, that's the problem.
>
>
> Cheers
> Mike Kear
> Windsor, NSW, Australia
> Adobe Certified Advanced ColdFusion Developer
> AFP Webworks
> http://afpwebworks.com
> ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month
>
>
> On 2/16/07, Dinner <[EMAIL PROTECTED]> wrote:
> > On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote:
> > > On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote:
> > > > Lot of work for not much difference. Might as well set the session
> > > > timeout really really low or something, right?
> > >
> > > If I were trying to find sanity in the desired approach, I'd first
> > > have to accept the fact that you *cannot* have cookies. In an
> > > environment where site customers are all corporate, and an entire
> > > building's worth of buyers could all be sharing the same cookie thanks
> > > to some fascist security scheme, the use of cookies can be
> > > catastrophic. Been there. So I understand the requirement although I
> > > pity the poor guy who has to comply with it.
> >
> > So we've got to keep it going from request to request, via form or url
> > params-- doable, but needs strict "form" to accomplish well (and length
> > may be an issue-- thus, the custom token).
> >
> > Or a smart "render-er", I guess. Pipe normal code thru, out comes
> > tokened code? Hrm... pretty damn hard to make [well =].
> >
> > > Given that, a short session timeout would not solve the problem. If I
> > > was stuck passing url tokens of some kind, a continuously morphing one
> > > sounds like a step up from a static one; at least on the surface.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269976
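The "continuously morphing" URL token discussed in this thread, sketched as an added example that is not code from any poster or from ColdFusion: each request spends the token it arrived with and receives a fresh one, and a spent token that reappears (a copied link, a replay) ends the session. The class and method names are hypothetical, the store is in-memory and single-process, and it does nothing about session replication.

```python
import secrets
import time


class RotatingTokenSessions:
    """Server-side session store keyed by a single-use URL token (hypothetical design)."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self._by_token = {}   # current token -> session record
        self._retired = {}    # spent token -> session id, kept to detect replays
        self._idle_timeout = idle_timeout
        self._clock = clock

    def login(self, user, permissions):
        record = {"id": secrets.token_hex(8), "user": user,
                  "permissions": frozenset(permissions), "seen": self._clock()}
        return self._issue(record)

    def _issue(self, record):
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._by_token[token] = record
        return token

    def request(self, token):
        """Check the token taken from the URL; return (session, next_token) or (None, None)."""
        record = self._by_token.pop(token, None)
        if record is None:
            # A spent token coming back means a copied link or a replay:
            # end that session rather than guess which holder is legitimate.
            sid = self._retired.pop(token, None)
            if sid is not None:
                self._kill(sid)
            return None, None
        if self._clock() - record["seen"] > self._idle_timeout:
            self._kill(record["id"])        # idle too long: drop all traces
            return None, None
        self._retired[token] = record["id"]
        record["seen"] = self._clock()
        return record, self._issue(record)  # next_token goes into every link and form

    def _kill(self, sid):
        for tok, rec in list(self._by_token.items()):
            if rec["id"] == sid:
                del self._by_token[tok]
        self._retired = {t: s for t, s in self._retired.items() if s != sid}
```

Because every token is single-use, the browser's back button and parallel requests from the same page also present spent tokens and will end the session in this sketch.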

