I under stand about statelessness ... As I understand it, there are two types of cookies -- cookies that are written the client's disk and cookies that are "session" cookies and are stored in the browser (and therefore lost when the browser is closed).
My assumption is, in using session variables, you are relying on these session cookies. I wonder how often session cookies are blocked. And if they are blocked, what are the consequences to the application. I'm seeing a lot more cookie blocking on some other sites. So do session variables relying on session cookies? Will session variables work if all cookies are blocked? H. Howard Owens Internet Operations Coordinator www.insidevc.com [EMAIL PROTECTED] AIM: GoCatGo1956 > -----Original Message----- > From: Dennis Powers [SMTP:[EMAIL PROTECTED]] > Sent: Monday, October 01, 2001 12:31 PM > To: CF-Talk > Subject: RE: Points of failure for session variables > > Howard, > > Keep this axiom in mind when developing your application: "The Web is > Stateless". Each page request is independent and isolated from each other. > The only way to maintain state is for the web browser to tell the server > who > it is. This is done either with cookies, URL variables or form fields. > In > all cases the web browser is telling the server who it is so that the > server > can determine what should be done. > > Cold Fusion uses two tokens to maintain state: CFID and CFTOKEN. They are > assigned on the first request and if enabled CF attempts to send them to > the > browser as cookies. On each subsequent request the browser sends them > back. > In this way CF can maintain state and allows you to use both Session > Variables (stored in memory) or Client Variables (stored in a database). > > If the browser won't accept cookies then the browser needs to pass those > tokens back to the server as a URL variable or as (hidden) form fields. > > The obvious down side to using URL variables is that someone can have > their > session hijacked if they send the link to someone else. The link will look > something www.somedomain.com/mypage.cfm?CFID=234&CFTOKEN=820123 which is > someone else's session. > > It's not a perfect world we Internet gurus work in <smile>. > > > Best regards, > > Dennis Powers > UXB Internet > (203)879-2844 > http://www.uxbinfo.com/ > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Sunday, September 30, 2001 10:18 PM > To: CF-Talk > Subject: RE: Points of failure for session variables > > Thanks, Jim. > > No cookies. No clusters. > > > -----Original Message----- > From: Jim McAtee [mailto:[EMAIL PROTECTED]] > Sent: Sunday, September 30, 2001 5:39 PM > To: CF-Talk > Subject: Re: Points of failure for session variables > > > If you're relying on cookies to implement session variables, then there > are > a lot of ways that cookies can be blocked or otherwise not passed from > server to client or vise versa. Hardware firewalls, software firewalls, > proxy servers, browser settings are a few. Then there are issues at the > server end... clustering, load balancing. > > Jim > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
