> Isn't the idea to leave the cookies as they are, but destroy the session
> and its contents?

I don't think that would be a very good idea in the case of CF (and may
not even work).

And, in a hardware load balanced environment (i.e. non-session sharing),
you can't guarantee that the user's session is completely gone.

> I always liked the fact that the user has the same CFID etc. upon every
> visit.

Which may work OK in an intranet environment but is not completely
reliable outside of that - especially with a hardware load balanced
environment.

> I guess the issue you guys are having is that the user could be using a
> public terminal. What about "I am on a public terminal"

In our case, most of our clients are not on a public terminal (just their
PC at home or at work).  The issue is about ensuring that the cookies go
away and can't possibly be sent out as duplicates by any caching point in
between the server and the client.

So, I am guessing we are saying that we don't want the CFID/CFTOKEN
cookies to persist after the user shuts down their browser because then we
don't need to rely on the user to clear them out by checking a box during
login.  In our case, if we wanted to provide users with that option, we
would make the checkbox work more like many other sites with a "Remember
me" option.

Being governed by finance industry regulations, we need to be protecting
the user against themselves.


Gary Menzel
Web Development Manager
IT Operations Brisbane -+- ABN AMRO Morgans Limited
Level 29, 123 Eagle Street BRISBANE QLD 4000
PH: 07 333 44 828  FX:  07 3834 0828
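
An added example, not part of the original message and not the poster's code: one way to make CFID/CFTOKEN disappear when the browser closes and to keep intermediate caches from storing responses. It assumes standard ColdFusion session management (not J2EE session variables); the application name "exampleApp" and the file name logout.cfm are placeholders.

```cfml
<!--- Application.cfm (added example; "exampleApp" is a placeholder name) --->

<!--- setclientcookies="No" stops ColdFusion from writing its own
      persistent CFID/CFTOKEN cookies on the first request --->
<cfapplication name="exampleApp"
               sessionmanagement="Yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 20, 0)#"
               setclientcookies="No">

<!--- Re-issue the identifiers with no EXPIRES attribute. The browser then
      holds them in memory only and discards them when it is closed --->
<cfif NOT IsDefined("Cookie.CFID") OR NOT IsDefined("Cookie.CFTOKEN")>
    <cflock scope="Session" type="ReadOnly" timeout="5">
        <cfcookie name="CFID" value="#Session.CFID#">
        <cfcookie name="CFTOKEN" value="#Session.CFTOKEN#">
    </cflock>
</cfif>

<!--- Ask browsers and any proxy between server and client not to store
      or replay the response (and the Set-Cookie headers it carries) --->
<cfheader name="Cache-Control" value="no-store, no-cache, must-revalidate, private">
<cfheader name="Pragma" value="no-cache">
<cfheader name="Expires" value="#GetHTTPTimeString(Now())#">


<!--- logout.cfm (placeholder name): expire the cookies explicitly as well,
      so an open browser stops sending them after the user signs out --->
<cfcookie name="CFID" value="" expires="Now">
<cfcookie name="CFTOKEN" value="" expires="Now">
```

Expiring the cookies at logout only affects the browser; on a load-balanced cluster without session sharing, the server-side session on each node still ends by its own timeout.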





