Great advice Andrew. I think that a list of unique IDs for the users makes good sense. I'm thinking maybe not their exact unique ID used as the key in the user table; perhaps I create a separate column which contains a UUID or something along those lines? Somehow feels safer that way.

Thanks again mate,

Rob

-----Original Message-----
From: Andrew Scott [mailto:[EMAIL PROTECTED]
Sent: 01 September 2007 13:43
To: CF-Talk
Subject: Re: Multiple Users Per Cookie.

No such thing as multiple cookies for a domain or website. But yes, a list could work, but it is limited. Your best bet is a unique ID that can then look up the DB and find all the usernames that user has.

On 9/1/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Hello Guys and Girls,
>
> I generally haven't had that much experience with setting custom cookies for my applications using the <cfcookie> tag, so thought I'd come on and get a little advice about the best way to handle this concept.
>
> The idea is to have a 'remember me' type feature on the login for my application, which saves just the username, not the password of the user, so when they next come to the site the form is already populated with their username.
>
> Now the slight difference with this is that I want to be able to save multiple users into the cookie, so if several users access the site from the same system, when they come to login, it presents them with a list of users that they can then choose their account, enter the appropriate password and away they go, kind of like a Windows XP login I guess. If they are not in the list it'll give them the option to sign in with a different account, which they can then choose the 'remember me' option for; if they wish, they too will then be added to the cookie list.
>
> What is the best way of doing this? Can I store a list of users into the 'username' variable inside the cookie? Or do I set multiple cookies? What is the best way to update the cookie if I want to add or remove particular users from it?
>
> I'd also be interested to hear other general security tips on setting these kinds of cookies. Should I be encrypting the data in any kind of way when I set it? I'll be running the site over SSL so will be sure to use the 'secure' attribute when setting the cookie to ensure only secure clients are being passed the information. Is there anything else I should be considering? Perhaps an expiry period of a month or so?
>
> I'm just trying to find that balance of security vs. user experience.
>
> Thanks people,
>
> Rob

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:287595
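
A sketch of the design this thread arrives at, added here as an example and not code from either poster: the cookie carries a list of random tokens held in a separate column (not the primary key, not the username), and the server looks the usernames up. It is written in Python rather than CFML; the table, column and cookie names, the five-account cap and the 30-day lifetime are assumptions, and the token only pre-fills the login form, so the password is still required.

```python
import re
import secrets
import sqlite3
from http.cookies import SimpleCookie

COOKIE_NAME = "remembered"              # assumed cookie name
MAX_ACCOUNTS = 5                        # assumed cap on accounts listed per browser
TOKEN_RE = re.compile(r"[0-9a-f]{32}")  # shape of secrets.token_hex(16)

def make_db():
    """Constructed sample data: remember_token is a random column, separate from the primary key."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, remember_token TEXT UNIQUE)")
    for name in ("rob", "andrew"):
        db.execute("INSERT INTO users (username, remember_token) VALUES (?, ?)", (name, secrets.token_hex(16)))
    return db

def parse_tokens(cookie_value):
    """The cookie is client-controlled: keep only well-formed, de-duplicated tokens, up to the cap."""
    tokens = []
    for tok in (cookie_value or "").split("."):
        if TOKEN_RE.fullmatch(tok) and tok not in tokens:
            tokens.append(tok)
    return tokens[:MAX_ACCOUNTS]

def remembered_usernames(db, cookie_value):
    """Usernames to offer on the login form; tokens unknown to the database are ignored."""
    names = []
    for tok in parse_tokens(cookie_value):
        row = db.execute("SELECT username FROM users WHERE remember_token = ?", (tok,)).fetchone()
        if row:
            names.append(row[0])
    return names

def set_cookie_header(tokens):
    """Set-Cookie value: HTTPS only, hidden from page scripts, expires after 30 days."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = ".".join(tokens[:MAX_ACCOUNTS])
    jar[COOKIE_NAME].update({"secure": True, "httponly": True, "max-age": 30 * 24 * 3600, "path": "/"})
    return jar[COOKIE_NAME].OutputString()

def update_cookie(db, cookie_value, username, remember=True):
    """Add (after a successful password login) or remove one account, leaving the others in place."""
    row = db.execute("SELECT remember_token FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        raise ValueError("unknown user")
    others = [t for t in parse_tokens(cookie_value) if t != row[0]]
    return set_cookie_header([row[0]] + others if remember else others)
```

Replacing a user's `remember_token` value in the database drops that account from every browser's list without touching the primary key.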

