> Sorry - but for some strange reason I have not yet received your
> first reply! In any case - I will go play with DeleteClientVariable(),
> though what I really need is for the CFID and CFTOKEN cookies to
> disappear from the client browser. They seem to "remain". So, I
> close my browser, but on return to the site - the system still
> knows my CFID and CFTOKEN! As far as I can tell - this shouldn't
> be happening. It's a security issue that I need to overcome.
That's the default behavior for the CFID and CFTOKEN cookies set by
CFAPPLICATION - they're persistent. If you want non-persistent "session"
cookies, you'll have to create or overwrite them yourself. Here's an
example, which uses the SETCLIENTCOOKIES attribute of CFAPPLICATION to
prevent the automatic creation of cookies, then manually creates
non-persistent cookies with CFCOOKIE:
<cfapplication name="myapp" clientmanagement="true"
clientstorage="myclientdb" setclientcookies="no">
<cfif not IsDefined("Cookie.CFID")>
<cfcookie name="CFID" value="#Client.CFID#">
<cfcookie name="CFTOKEN" value="#Client.CFTOKEN#">
</cfif>
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
