> in your cfapplication tag, you can setclientcookies='no', then > set cookie-scoped cfid and cftoken variables equal to the > session-scoped cfid and cftoken variables. since cookie scope > does not persist, your cookies will remain intact only until the > browser is closed. > > this technique eliminates two problems: 1) clients with cookies > disabled and, 2) session variables persisting after the user has > closed his browser.
There are two issues with what you've stated. First, the cookie scope can very well persist; it doesn't persist if you omit the EXPIRES attribute in your CFCOOKIE tag, which will create what is often called a "session cookie". Second, if the client has cookies completely disabled, this will include session cookies, so you'd then have to pass the CFID and CFTOKEN values from the browser to the server on each subsequent request, either via URL or Form variables. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
