> In your CFapplication tag set the attribute "setClientCookies" > to NO. That way the CFID and CFTOKEN are stored in the session > struct and when the browser closes there is no persistence. > > I should really learn to be more explicit in my short answers. > > If setClientCookies is set to YES then put this just below > the CFAPPLICATION tag: > <cfcookie name="CFID" value="#cookie.cfid#"> > <cfcookie name="CFTOKEN" value="#cookie.cftoken#">
Unfortunately, it's not as simple as that. For Session variables to work, they have to be stored in memory on the CF Server, along with the CFID and CFTOKEN identifiers, and the browser has to send those identifiers back to the server on each subsequent request. So, if you set SETCLIENTCOOKIES to "no" or "false", you'll have to ensure that CFID and CFTOKEN get returned via URL or form variables. Also, on the server, there's no way to tell when the browser has closed. All the server can do is tell that the browser hasn't requested a page since some specific time. So, no matter what you do, in a regular HTML-based interface, the Session variables will persist for some time after the browser has been closed. The best you can usually do is to disconnect the browser from those variables, by not storing the CFID and CFTOKEN values as persistent cookies. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
