> Are jssession cookies preferable, or does it matter? Well, it depends. If you're referencing CFID and CFTOKEN in your code, you'll want to stick with CF's default cookies. If you're not, the advantages of using J2EE session management are that the cookie is non-persistent - it's closed when the browser is closed - and that it's a UUID value which is significantly harder to guess (or more accurately, identify by a brute-force attack) than two large integers. But you can use a UUID for CFTOKEN also, if you like, and you can rewrite CF's default cookies to be non-persistent. The one advantage of J2EE session management that you can't get with CF's default cookies is if you'd like to integrate Java servlets or JSP pages within a CF application (or CF pages within a J2EE web application).
Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317585 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
