Well, let's say you have a regular old web application. When a login is required, you present the user with a login form, or a browser popup, and they provide a username and password. Once you receive that information, you check against your user repository and if the information matches a valid account you either issue a cookie, or set a session variable which in turn is associated with a new or existing session token (which is usually a cookie).
====================

That makes sense. That means that all my CFCs which handled the web service would have to have a cfapplication tag at the start of them to create the session and client variables for that request. I always thought that was bad form for a web service/CFC since they should be fully encapsulated and stand alone -- only using the data which was passed in to them. In this case, it seems they would be "reaching out" of their encapsulated world to grab stuff from session. Or would I have to pass all of that in to the CFC as part of the method call? Or have I gone off the deep end of encapsulation? :)

Also, along the lines of accepting cookies. I don't want to assume that my client is a browser. What if it is a Java app, or another CF app consuming the web service? Can they accept cookies?

~Brad

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:276342
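
As an added example (not part of the thread, and written in Python rather than CFML so it runs stand-alone): the login flow from the quoted paragraph, with a non-browser consumer that stores the `Set-Cookie` value and replays it on later calls. The `service` function, the account, the cookie name `SID` and the paths are constructed for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

USERS = {"brad": "correct horse"}  # constructed account; real code stores password hashes
SESSIONS = {}                      # session token -> username (server-side state)

def service(path, headers, form=None):
    """Toy web service (assumption): returns (status, response_headers, body)."""
    form = form or {}
    if path == "/login":
        expected = USERS.get(form.get("username", ""))
        supplied = form.get("password", "")
        if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
            return 401, {}, "bad credentials"
        token = secrets.token_urlsafe(32)  # unguessable session token
        SESSIONS[token] = form["username"]
        cookie = SimpleCookie()
        cookie["SID"] = token
        cookie["SID"]["httponly"] = True   # not readable by page script
        cookie["SID"]["secure"] = True     # only sent over HTTPS
        cookie["SID"]["path"] = "/"
        return 200, {"Set-Cookie": cookie["SID"].OutputString()}, "ok"
    # Every other method resolves the caller from the Cookie header alone.
    jar = SimpleCookie(headers.get("Cookie", ""))
    user = SESSIONS.get(jar["SID"].value) if "SID" in jar else None
    if user is None:
        return 401, {}, "login required"
    return 200, {}, f"hello {user}"

class Client:
    """Non-browser consumer: keeps Set-Cookie values and sends them back."""
    def __init__(self):
        self.jar = SimpleCookie()

    def call(self, path, form=None):
        headers = {}
        if self.jar:
            headers["Cookie"] = "; ".join(f"{k}={m.value}" for k, m in self.jar.items())
        status, resp_headers, body = service(path, headers, form)
        if "Set-Cookie" in resp_headers:
            self.jar.load(resp_headers["Set-Cookie"])  # remember the session cookie
        return status, body
```

The cookie is only an HTTP header pair, so any consumer that records `Set-Cookie` and returns it in `Cookie` keeps the session; the service never needs to know whether the caller is a browser.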

