As long as J2EE sessions are enable in the CF Admin, yes the standalone will use them.
Loginstorage just tells CF to store your CFLOGIN info wither in a separate cookie or in a session variable. The session variable is probably more secure as far as an external attack goes. Setdomaincookies=true simply means if I have a site called fred.bloggs.com, it will set cookies for bloggs.com rather than just fred.bloggs.com (meaning that joe.bloggs.com can also use my login cookie). If you don't use subdomains, you don't need it. On 5/14/07, Robert Rawlins - Think Blue <[EMAIL PROTECTED]> wrote: > Ah that's good to know, I'm running SSL. I'm guessing the J2EE sessions are > pretty tidy them. I'm running ColdFusion in its standalone mode, does that > still use J2EE sessions? > > Are there any specific application settings I should be using in my > application.cfc to help keep this all buttoned down, i've never really > understood the loginstorage settings and the setdomaincookie variables. -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create Web Applications With ColdFusion MX7 & Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278051 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
