Robert,

If multiple users access your website from the same computer, there
are several possible scenarios:

1. They are all logging into the same computer as the same user,
therefore Windows will not know it's a different user, therefore their
browser will contain the same set of cookies between each session.
Only in this scenario could your idea work and even then, I wouldn't
recommend it, as this could become a problem when people use a public
computer (such as a library, school or internet cafe).

2. Multiple users are logging into the same physical computer using
different login accts. In this scenario, each user's cookies will be
unique and your idea won't work.


Just wanted to point that out.

Also, most common browsers these days offer form "memory" of some sort
now and as a result building this feature into your app is often not
really needed.


=]

On 9/1/07, Robert Rawlins - Think Blue
<[EMAIL PROTECTED]> wrote:
> Great advice Andrew,
>
> I think that a list of unique IDs for the users makes good sense, I'm
> thinking maybe not their exact unique ID used as the key in the user table,
> perhaps I create a separate column which contains a UUID or something along
> those lines? Somehow feels safer that way.
>
> Thanks again mate,
>
> Rob
>
> -----Original Message-----
> From: Andrew Scott [mailto:[EMAIL PROTECTED]
> Sent: 01 September 2007 13:43
> To: CF-Talk
> Subject: Re: Multiple Users Per Cookie.
>
> No such thing as multiple cookies for a domain or website.
>
> But yes a list could work, but it is limited. Your best bet is a unique ID
> that can then look up the DB and find all the usernames that user has.
>
>
>
> On 9/1/07, [EMAIL PROTECTED] <
> [EMAIL PROTECTED]> wrote:
> >
> > Hello Guys and Girls,
> >
> > I generally haven't had that much experience with setting custom cookies
> > for my applications using the <cfcookie> tag so thought I'd come on and
> > get a little advice about the best way to handle this concept.
> >
> > The idea is to have a 'remember me' type feature on the login for my
> > application, which saves just the username, not the password of the user,
> > so when they next come to the site the form is already populated with
> > their username.
> >
> > Now the slight difference with this is that I want to be able to save
> > multiple users into the cookie, so if several users access the site from
> > the same system, when they come to login, it presents them with a list of
> > users that they can then choose their account, enter the appropriate
> > password and away they go, kind of like a Windows XP login I guess. If
> > they are not in the list it'll give them the option to sign in with a
> > different account, which they can then choose the 'remember me' option
> > for, if they wish, they too will then be added to the cookie list.
> >
> > What is the best way of doing this? Can I store a list of users into the
> > 'username' variable inside the cookie? Or do I set multiple cookies? What
> > is the best way to update the cookie if I want to add or remove particular
> > users from it?
> >
> > I'd also be interested to hear other general security tips on setting
> > these kinds of cookies, should I be encrypting the data in any kind of way
> > when I set it? I'll be running the site over SSL so will be sure to use
> > the 'secure' attribute when setting the cookie to ensure only secure
> > clients are being passed the information. Is there anything else I should
> > be considering? Perhaps an expiry period of a month or so?
> >
> > I'm just trying to find that balance of security vs. user experience.
> >
> > Thanks people,
> >
> > Rob
> >
> 
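
The design the thread converges on (opaque IDs in the cookie, usernames looked up in the database), sketched as an added example that is not part of any poster's message. The datasource `appdsn`, the table `remember_tokens(token, username)`, the cookie name `remembered`, the five-entry limit and all function names are assumptions made for illustration.

```cfm
<!--- Added example. Assumed names: datasource "appdsn", table remember_tokens(token, username), cookie "remembered". --->
<cfset MAX_REMEMBERED = 5>
<!--- The cookie is client-controlled input: keep only well-formed, unique tokens (CreateUUID() format). --->
<cffunction name="cleanTokens" returntype="string" output="false">
  <cfargument name="raw" type="string" required="true">
  <cfset var out = "">
  <cfset var t = "">
  <cfloop list="#arguments.raw#" index="t">
    <cfif REFind("^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{16}$", t)
          AND NOT ListFind(out, t) AND ListLen(out) LT MAX_REMEMBERED>
      <cfset out = ListAppend(out, t)>
    </cfif>
  </cfloop>
  <cfreturn out>
</cffunction>
<!--- Write the list back: sent over HTTPS only, kept for 30 days; an empty list deletes the cookie. --->
<cffunction name="saveTokens" returntype="void" output="false">
  <cfargument name="tokens" type="string" required="true">
  <cfif ListLen(arguments.tokens)>
    <cfcookie name="remembered" value="#arguments.tokens#" expires="30" secure="yes">
  <cfelse>
    <cfcookie name="remembered" value="" expires="now">
  </cfif>
</cffunction>
<!--- Login form: resolve tokens to usernames on the server. Returns columns token, username. --->
<cffunction name="rememberedUsers" returntype="query" output="false">
  <cfargument name="tokens" type="string" required="true">
  <cfset var q = QueryNew("token,username")>
  <cfif ListLen(arguments.tokens)>
    <cfquery name="q" datasource="appdsn">
      SELECT token, username FROM remember_tokens
      WHERE token IN (<cfqueryparam value="#arguments.tokens#" cfsqltype="cf_sql_varchar" list="yes">)
    </cfquery>
  </cfif>
  <cfreturn q>
</cffunction>
<!--- Call only after the password check succeeded and 'remember me' was ticked. --->
<cffunction name="rememberUser" returntype="void" output="false">
  <cfargument name="username" type="string" required="true">
  <cfset var token = CreateUUID()>
  <cfset var current = "">
  <cfif StructKeyExists(cookie, "remembered")><cfset current = cookie.remembered></cfif>
  <cfquery datasource="appdsn">
    INSERT INTO remember_tokens (token, username)
    VALUES (<cfqueryparam value="#token#" cfsqltype="cf_sql_varchar">,
            <cfqueryparam value="#arguments.username#" cfsqltype="cf_sql_varchar">)
  </cfquery>
  <cfset saveTokens(cleanTokens(ListPrepend(current, token)))>
</cffunction>
```

The token only selects which username to pre-fill; the password is still required, and deleting a row from `remember_tokens` makes the matching cookie entry resolve to nothing on the next lookup.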

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:287606