On 7/17/07, Charlie Griefer <[EMAIL PROTECTED]> wrote:
> to clarify on that... there is one point of contention in the comments
> section of the docs regarding this...
>
> http://livedocs.adobe.com/coldfusion/7/htmldocs/00001163.htm

That's interesting. I have to agree that the session does NOT end when the user closes the browser. The session ends when the timeout period is reached, at which point the onSessionEnd() method of application.cfc (if used) is fired.

Although the J2EE sessionid is stored in a non-persistent cookie, nothing says that someone couldn't snatch up that session ID and use it BEFORE the timeout, either by faking the cookie or putting it in the URL.

Either way, it's not *THAT* different from regular ColdFusion session variables, except that the session COOKIE is deleted when the user closes his or her browser.

Rick

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:283925
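
Added illustration, not part of the original message: a small Python model of the behaviour described above, where the server keeps a session alive until its idle timeout no matter what the browser does with its cookie, so ending it earlier takes an explicit server-side invalidation. `SessionStore` and its methods are hypothetical names, not ColdFusion APIs; the callback stands in for onSessionEnd().

```python
# Hypothetical model of server-side session lifetime (not ColdFusion code).
import secrets


class SessionStore:
    def __init__(self, timeout_seconds, on_session_end=None):
        self.timeout = timeout_seconds
        self.on_session_end = on_session_end  # stands in for onSessionEnd()
        self._sessions = {}  # session id -> {"last_seen": t, "data": {...}}

    def create(self, now):
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"last_seen": now, "data": {}}
        return sid

    def _expire(self, now):
        # The server ends a session only once its idle timeout is reached.
        stale = [s for s, rec in self._sessions.items()
                 if now - rec["last_seen"] >= self.timeout]
        for sid in stale:
            rec = self._sessions.pop(sid)
            if self.on_session_end:
                self.on_session_end(sid, rec["data"])

    def lookup(self, sid, now):
        """Return the session data if sid is live. Whoever presents sid qualifies."""
        self._expire(now)
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        rec["last_seen"] = now  # every request renews the idle timer
        return rec["data"]

    def invalidate(self, sid):
        """Explicit logout: ends the session before the timeout."""
        return self._sessions.pop(sid, None) is not None


def demo():
    ended = []
    store = SessionStore(1200, on_session_end=lambda sid, data: ended.append(sid))
    sid = store.create(now=0)
    store.lookup(sid, now=10)["user"] = "example_user"  # constructed sample value
    # Browser closes at t=60: the cookie is dropped client-side; the server is not told.
    still_live = store.lookup(sid, now=300) is not None  # same ID presented again
    expired = store.lookup(sid, now=1500) is None        # 1200 s idle has elapsed
    return still_live, expired, ended == [sid]
```
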

