Dave,
Do you set this tag (cfapplication) on the fly in the middle of your code
somewhere or is this located in the Application.cfm file?
Is it safe to set the Session.CFID and Session.CFTOKEN to "" to knock them
out? Do they get regenerated and set to a new value if you do?
In my situation, I want to let the user log out but still be able to browse the
"unprotected" portions of the web site as "anonymous". That way if they
leave and later come back, or someone else comes and uses their computer and
tries to enter the protected area, the login screen appears. That latter part
I have operational; it's the logout that doesn't work due to persistent
CFID/CFTOKEN. I have setclientcookies="Yes" in my cfapplication tag in my
Application.cfm file.
Bruce
----- Original Message -----
From: "Dave Watts" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 12, 2001 8:32 AM
Subject: RE: Client Variables NOT expiring
> > Sorry - but for some strange reason I have not yet received your
> > first reply! In any case - I will go play with DeleteClientVariable(),
> > though what I really need is for the CFID and CFTOKEN cookies to
> > disappear from the client browser. They seem to "remain". So, I
> > close my browser, but on return to the site - the system still
> > knows my CFID and CFTOKEN! As far as I can tell - this shouldn't
> > be happening. It's a security issue that I need to overcome.
>
> That's the default behavior for the CFID and CFTOKEN cookies set by
> CFAPPLICATION - they're persistent. If you want non-persistent "session"
> cookies, you'll have to create or overwrite them yourself. Here's an
> example, which uses the SETCLIENTCOOKIES attribute of CFAPPLICATION to
> prevent the automatic creation of cookies, then manually creates
> non-persistent cookies with CFCOOKIE:
>
> <cfapplication name="myapp" clientmanagement="true"
>     clientstorage="myclientdb" setclientcookies="no">
>
> <cfif not IsDefined("Cookie.CFID")>
>     <cfcookie name="CFID" value="#Client.CFID#">
>     <cfcookie name="CFTOKEN" value="#Client.CFTOKEN#">
> </cfif>
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496
> fax: (202) 797-5444
>
>
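Added example, not code from either poster: the non-persistent cookie setup quoted above, combined with a logout template that removes the login state and expires the browser's CFID/CFTOKEN cookies. The file names, the 20-minute session timeout, and the Session.loggedIn and Session.userID keys are assumptions made for illustration.

```cfml
<!--- ===== Application.cfm (added example) ===== --->
<!--- setclientcookies="no" stops CFAPPLICATION from writing its own
      persistent CFID/CFTOKEN cookies. --->
<cfapplication name="myapp"
    clientmanagement="true"
    clientstorage="myclientdb"
    sessionmanagement="true"
    sessiontimeout="#CreateTimeSpan(0, 0, 20, 0)#"
    setclientcookies="no">

<!--- No EXPIRES attribute, so the browser holds these in memory only
      and discards them when it is closed. --->
<cfif not IsDefined("Cookie.CFID") or not IsDefined("Cookie.CFTOKEN")>
    <cfcookie name="CFID" value="#Client.CFID#">
    <cfcookie name="CFTOKEN" value="#Client.CFTOKEN#">
</cfif>

<!--- ===== top of each protected template ===== --->
<!--- Session.loggedIn is a hypothetical flag set by the login page. --->
<cflock scope="session" type="readonly" timeout="10">
    <cfset isLoggedIn = IsDefined("Session.loggedIn")>
</cflock>
<cfif not isLoggedIn>
    <cfinclude template="login.cfm">
    <cfabort>
</cfif>

<!--- ===== logout.cfm ===== --->
<!--- 1. Remove only the keys the login page created (hypothetical
         names); the rest of the Session scope is left alone. --->
<cflock scope="session" type="exclusive" timeout="10">
    <cfset StructDelete(Session, "loggedIn")>
    <cfset StructDelete(Session, "userID")>
</cflock>

<!--- 2. Expire the identifier cookies in the browser. The next request
         arrives without CFID/CFTOKEN, so Application.cfm hands out a
         fresh pair and the visitor continues as an anonymous client. --->
<cfcookie name="CFID" value="" expires="now">
<cfcookie name="CFTOKEN" value="" expires="now">

<!--- 3. Render the page instead of using CFLOCATION, so the Set-Cookie
         headers above are sent with this response. --->
<p>You have been logged out. <a href="index.cfm">Continue browsing</a></p>
```

Expiring the cookies only affects the browser; the server-side check on the protected templates is what forces the login screen, so the session keys are deleted as well.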