> 1. What type of variables that I can use for user login?
> I want the "session" always be deleted automatically when
> the user close the browser. (like login in CF Administrator
> page)
Session variables are generally your best bet for this, unless you expect
the application to be deployed in a server cluster. You can destroy the
user's connection to their session variables by setting the CFID and CFTOKEN
cookies as "session" cookies in application.cfm. Here's one way to do that:
<cfapplication name="foo"
sessionmanagement="true"
setclientcookies="false">
<cfif not IsDefined("Cookie.CFID")>
<cflock scope="Session" timeout="2" type="readonly"
throwontimeout="false">
<cfcookie name="CFID" value="#Session.CFID#">
<cfcookie name="CFTOKEN" value="#Session.CFTOKEN#">
</cflock>
</cfif>
The lack of an EXPIRES parameter in the CFCOOKIE tags instructs the browser
not to store these cookies when the browser is closed.
Of course, if you're not using cookies to track a user's session token, you
can destroy that user's connection to their session by simply not using the
CFID and CFTOKEN variables in any URLs.
> 2. How can I always attach CFID and CFTOKEN in every link on
> my page? Should I put addtoken="yes"? Where?
I'm afraid you'll have to do this manually, in every link and FORM action.
You can use ADDTOKEN="YES" (which I believe is the default value) in your
CFLOCATION tags, so that they too will pass CFID and CFTOKEN.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
