yes, those are both good points to consider. thank you for the clarification. :)
~ dina ----- Original Message ----- From: "Dave Watts" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Friday, May 10, 2002 12:49 PM Subject: RE: refreshing CFID + CFTOKEN with client-side JavaScript? > > in your cfapplication tag, you can setclientcookies='no', then > > set cookie-scoped cfid and cftoken variables equal to the > > session-scoped cfid and cftoken variables. since cookie scope > > does not persist, your cookies will remain intact only until the > > browser is closed. > > > > this technique eliminates two problems: 1) clients with cookies > > disabled and, 2) session variables persisting after the user has > > closed his browser. > > There are two issues with what you've stated. First, the cookie scope can > very well persist; it doesn't persist if you omit the EXPIRES attribute in > your CFCOOKIE tag, which will create what is often called a "session > cookie". Second, if the client has cookies completely disabled, this will > include session cookies, so you'd then have to pass the CFID and CFTOKEN > values from the browser to the server on each subsequent request, either via > URL or Form variables. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > voice: (202) 797-5496 > fax: (202) 797-5444 > > ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
