> In CF 10 Administrator, go to "Server Settings" -->"Memory Variables" & > scroll down to "Session Cookie Settings". The > "Session Cookie Settings" have complete control over the expires attribute > for cookie.CFID & cookie.CFToken. When > you set them like this: <cfset Cookie.cfid = SESSION.CFID> <cfset > Cookie.cftoken = SESSION.CFToken> in > OnSessionStart, the expires date gets set to the value set in "Session Cookie > Settings" (minimum setting is 2 minutes) > & this setting cannot be turned off. I tried using 0 and -1 to see if that > would disable it from setting the expires attribute > (for Cookie.cftoken & cookie.CFToken), it did not. In previous versions of > CF, if you did not set the expires attribute when > you set cookie.CFID and cookie.CFToken, these cookies would expire when you > closed the browser, this is no longer > the case for cookie.CFID and cookie.CFToken.
You can still do this, but you have to tell CF not to set the cookies itself in the first place. That said, you'd be better off following Jochem's suggestion to use J2EE sessions instead. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351836 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
