Thanks for the info, Dave! Rick
> -----Original Message----- > From: Dave Watts [mailto:[email protected]] > Sent: Wednesday, January 07, 2009 8:47 PM > To: cf-talk > Subject: Re: Desparate!!!! Need someone to look at my code and figure out the > problem! > > > Are jssession cookies preferable, or does it matter? > > Well, it depends. If you're referencing CFID and CFTOKEN in your code, > you'll want to stick with CF's default cookies. If you're not, the > advantages of using J2EE session management are that the cookie is > non-persistent - it's closed when the browser is closed - and that > it's a UUID value which is significantly harder to guess (or more > accurately, identify by a brute-force attack) than two large integers. > But you can use a UUID for CFTOKEN also, if you like, and you can > rewrite CF's default cookies to be non-persistent. The one advantage > of J2EE session management that you can't get with CF's default > cookies is if you'd like to integrate Java servlets or JSP pages > within a CF application (or CF pages within a J2EE web application). > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317588 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
