Hello Guys and Girls,

I generally haven’t had that much experience with setting custom cookies
for my applications using the <cfcookie> tag so thought I’d come on and
get a little advice about the best way to handle this concept.

The idea is to have a ‘remember me’ type feature on the login for my
application, which saves just the username, not the password of the user,
so when they next come to the site the form is already populated with
their username.

Now the slight difference with this is that I want to be able to save
multiple users into the cookie, so if several users access the site from
the same system, when they come to login, it presents them with a list of
users that they can then choose their account, enter the appropriate
password and away they go, kind of like a Windows XP login I guess. If
they are not in the list it’ll give them the option to sign in with a
different account, which they can then choose the ‘remember me’ option
for; if they wish, they too will then be added to the cookie list.

What is the best way of doing this? Can I store a list of users into the
‘username’ variable inside the cookie? Or do I set multiple cookies? What
is the best way to update the cookie if I want to add or remove particular
users from it?

I’d also be interested to hear other general security tips on setting
these kinds of cookies, should I be encrypting the data in any kind of way
when I set it? I’ll be running the site over SSL so will be sure to use
the ‘secure’ attribute when setting the cookie to ensure only secure
clients are being passed the information. Is there anything else I should
be considering? Perhaps an expiry period of a month or so?

I’m just trying to find that balance of security vs. user experience.

Thanks people,

Rob
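
One way to keep the list described in the post above in a single cookie, as an added example that is not part of the original message. The cookie name `rememberedUsers`, the `|` delimiter, the five-entry cap, the username pattern, the form fields `username` and `rememberMe`, and the helper functions are all assumptions. Because the cookie is client-controlled, the list is re-validated on every read and HTML-encoded on output.

```cfml
<cfscript>
// Added example; names, the "|" delimiter and the limits are assumptions.
variables.maxUsers = 5;

// The cookie is client-controlled: keep only entries that look like usernames.
function cleanUserList(raw) {
    var result = "";
    var name = "";
    var i = 0;
    for (i = 1; i lte listLen(raw, "|"); i = i + 1) {
        name = trim(listGetAt(raw, i, "|"));
        if (reFind("^[A-Za-z0-9._@-]{1,64}$", name)
                and not listFindNoCase(result, name, "|")) {
            result = listAppend(result, name, "|");
        }
    }
    return result;
}

function removeUser(raw, username) {
    var users = cleanUserList(raw);
    var pos = listFindNoCase(users, trim(username), "|");
    if (pos) { users = listDeleteAt(users, pos, "|"); }
    return users;
}

// Most recent login first; the oldest entries fall off past maxUsers.
function addUser(raw, username) {
    var users = removeUser(raw, username);
    users = cleanUserList(listPrepend(users, trim(username), "|"));
    while (listLen(users, "|") gt variables.maxUsers) {
        users = listDeleteAt(users, listLen(users, "|"), "|");
    }
    return users;
}
</cfscript>

<cfset stored = "">
<cfif structKeyExists(cookie, "rememberedUsers")><cfset stored = cookie.rememberedUsers></cfif>
<!--- Assumed flow: this branch runs only after a successful login with "remember me" ticked. --->
<cfif structKeyExists(form, "rememberMe")>
    <cfset stored = addUser(stored, form.username)>
    <!--- expires is in days; httponly needs ColdFusion 9 or later --->
    <cfcookie name="rememberedUsers" value="#stored#" expires="30" secure="yes" httponly="yes">
</cfif>
<!--- Login form options: encode every name, and never treat it as proof of identity. --->
<cfoutput><cfloop list="#cleanUserList(stored)#" index="name" delimiters="|">
    <option value="#htmlEditFormat(name)#">#htmlEditFormat(name)#</option>
</cfloop></cfoutput>
```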
