I forgot about the persistence issue. Personally, I consider the lack of session persistence to be a security benefit. But not everyone will agree. -Carl V.
On 3/7/2014 11:17 AM, Dave Watts wrote: > If you're not directly referencing CFID and CFTOKEN in your code, and > you're not relying on the default persistence of CF session cookies, > you should be able to just enable that option. > > By "the default persistence of CF session cookies", I mean that CF's > session cookies by default don't get deleted when the browser is > closed. J2EE session cookies do. So, if a user logs into your app, > closes the browser, then opens it back up, the user will have to log > in again if you're using J2EE sessions even if the session would not > have expired otherwise. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357886 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
