Re: session and client variables

Fri, 01 Jun 2001 09:26:47 -0700 

All you appear to be doing is reading and writing the cookies.

Exactly how does this stop the user closing the browser and not having the
cookie's destroyed?

When the user re-starts the browser and goes to that page, the cookies still
exist (as far as I can tell).

Paul
-----Original Message-----
From: Andy Ewings <[EMAIL PROTECTED]>
To: CF-Talk <[EMAIL PROTECTED]>
Date: 01 June 2001 16:47
Subject: RE: session and client variables


>Paul
>
>Put this in your application.cfm:
>
><cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
> <cfset cfid_local = Cookie.CFID>
>  <cfset cftoken_local = Cookie.CFTOKEN>
>  <cfcookie name="CFID" value="#cfid_local#">
>  <cfcookie name="CFTOKEN" value="#cftoken_local#">
></cfif>
>
>This will ensure that whenever they close the broswer the session is killed
>(or rather their link to the set of client vars is broken).  The client
vars
>weill then get destroyed when the timeout is reached.
>
>-----Original Message-----
>From: Paul Johnston [mailto:[EMAIL PROTECTED]]
>Sent: 01 June 2001 16:02
>To: CF-Talk
>Subject: session and client variables
>
>
>Anyone,
>
>I have come up with a slight issue in the past, and it is this:
>
>If you are using client variables for a secure section of a website and
they
>have a timeout (say 10 minutes). The users closes the browser thinking that
>they have logged out (when they haven't) and the cookies (let's assume
>cookies here) get destroyed by an onunload="" event. The logout script
>destroys the cookies when the user leaves the secure section, so we don't
>worry about that.
>
>Bearing in mind that an onunload event doesn't work consistently in all
>browsers (it's a known bug in Netscape) does anyone have a solution
(barring
>recoding of the site to use the urltoken), for destroying the cookies in
the
>users browser that works cross-browser (ie Netscape 4+, IE 4+ and Netscape
>6)?
>
>The problem is that it is entirely possible (and sensible) that the cookie
>should stay on the user machine if they come back to the site so that they
>are logged in (assuming the ten minutes isn't up), but what if they are in
>an internet cafe and the ten minutes aren't up?
>
>(Let's assume we're using a clustered server here so session variables
>become virtually pointless... or do they?)
>
>Any replies welcome (ie sensible ones).
>
>Paul
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to