You could pass something on the url which would indicate to the clientsite to kill the session placing the code to do this before the application.cfm. However if the user notices the url string and keeps adding it, this will kill the session everytime. Another choice option is to check the http referer.
Kola Oyedeji Web developer Macromedia Certified Advanced ColdFusion 5 Developer ekeda ltd http://www.ekeda.co.uk (+44)020-8429-7300 > -----Original Message----- > From: Lacey Lawson [mailto:[EMAIL PROTECTED]] > Sent: 22 January 2002 14:54 > To: CF-Talk > Subject: sessions and secure servers > > > I have a shopping cart that uses cfid and cftoken as identifiers for > customers. When they get to the end of placing the order, I have the > following code to kill the variables: > > <CFSET STRUCTCLEAR(APPLICATION)> > <CFSET STRUCTCLEAR(SESSION)> > <CFLOOP INDEX="X" LIST="#GetClientVariablesList()#"> > <CFSET DELETED = DELETECLIENTVARIABLE("#X#")> > </CFLOOP> > <CFCOOKIE NAME="cfid" EXPIRES="NOW"> > <CFCOOKIE NAME="cftoken" EXPIRES="NOW"> > <CFCOOKIE NAME="cfglobals" EXPIRES="NOW"> > > However, since this is done on the secure server > (https://myserver.hostdomain.com/clientdir) and the variables > were set on > the client's domain (www.clientsite.com), it doesn't kill the > ones that were > set at www.clientsite.com, and when you return to the site, > the variables > ______________________________________________________________________ Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation � $99/Month � Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusiona FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
