Paul

Put this in your application.cfm:

<!--- Re-issue CFID/CFTOKEN with no expires attribute, so the browser keeps them only until it is closed --->
<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
        <cfset cfid_local = Cookie.CFID>
        <cfset cftoken_local = Cookie.CFTOKEN>
        <cfcookie name="CFID" value="#cfid_local#">
        <cfcookie name="CFTOKEN" value="#cftoken_local#">
</cfif>

This will ensure that whenever they close the browser the session is killed
(or rather their link to the set of client vars is broken).  The client vars
will then get destroyed when the timeout is reached.

-----Original Message-----
From: Paul Johnston [mailto:[EMAIL PROTECTED]]
Sent: 01 June 2001 16:02
To: CF-Talk
Subject: session and client variables


Anyone,

I have come up with a slight issue in the past, and it is this:

If you are using client variables for a secure section of a website and they
have a timeout (say 10 minutes). The user closes the browser thinking that
they have logged out (when they haven't) and the cookies (let's assume
cookies here) get destroyed by an onunload="" event. The logout script
destroys the cookies when the user leaves the secure section, so we don't
worry about that.

Bearing in mind that an onunload event doesn't work consistently in all
browsers (it's a known bug in Netscape) does anyone have a solution (barring
recoding of the site to use the urltoken), for destroying the cookies in the
user's browser that works cross-browser (ie Netscape 4+, IE 4+ and Netscape
6)?

The problem is that it is entirely possible (and sensible) that the cookie
should stay on the user machine if they come back to the site so that they
are logged in (assuming the ten minutes isn't up), but what if they are in
an internet cafe and the ten minutes aren't up?

(Let's assume we're using a clustered server here so session variables
become virtually pointless... or do they?)

Any replies welcome (ie sensible ones).

Paul
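
One way to confirm that the re-issued CFID/CFTOKEN cookies really are browser-session cookies, as an added example that is not part of the original thread: a Python check over the Set-Cookie values a page returns. The function names and the sample header values are assumptions constructed for illustration.

```python
# Added example. Sample header values are constructed, not captured from a real server.
TRACKED = ("CFID", "CFTOKEN")

# Constructed: first visit, cookies issued with an expiry date (persistent).
FIRST_VISIT = [
    "CFID=1001; expires=Sun, 27-May-2031 16:02:00 GMT; path=/",
    "CFTOKEN=55512345; expires=Sun, 27-May-2031 16:02:00 GMT; path=/",
]
# Constructed: later request, the application.cfm block re-issues both with no expiry.
LATER_REQUEST = ["CFID=1001; path=/", "CFTOKEN=55512345; path=/"]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs); attribute names lower-cased."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookie_lifetimes(set_cookie_values, tracked=TRACKED):
    """Return {NAME: 'session' | 'persistent'}; the last header seen for a name wins,
    which is how a browser treats a cookie that is set twice."""
    wanted = {t.upper() for t in tracked}
    result = {}
    for raw in set_cookie_values:
        name, _, attrs = parse_set_cookie(raw)
        if name.upper() not in wanted:
            continue
        # Any Expires or Max-Age attribute means the cookie is written with a lifetime
        # instead of being dropped when the browser closes.
        persistent = "expires" in attrs or "max-age" in attrs
        result[name.upper()] = "persistent" if persistent else "session"
    return result


def still_persistent(set_cookie_values):
    """Names of tracked cookies that would survive a browser restart."""
    lifetimes = cookie_lifetimes(set_cookie_values)
    return sorted(n for n, kind in lifetimes.items() if kind == "persistent")


if __name__ == "__main__":
    print("first visit:", still_persistent(FIRST_VISIT))
    print("after re-issue:", still_persistent(FIRST_VISIT + LATER_REQUEST))
```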