> I realize that, that's why I said "when the user logs out (destroys session > vars like supposed to)", maybe I should have said "and the application > destroys session vars like supposed to" ...
I think that is what I am saying. The default behaviour of Cold Fusion Sessions is that the Session will only be destroyed after the timeout period has elapsed. It wont be destroyed just because the user logs out and/or shuts down all browsers. If they use a log out facility, you can destroy any Session variables you may have created during that time, but the "Session" itself is still active. When you use cookies that expire immediately, the original Session still exists until the timeout period has elapsed, BUT the user gets a new CFID/CFTOKEN which creates a new "session" in the application. In response to your most recent post about the CFID in the URL..... The CFID and CFTOKEN exist on a per-browser/per-connection basis. So two browsers of the same type will get the same CFID/CFTOKEN. So this wont be able to distinguish between to separate instances of data. Using CFID/CFTOKEN in the URL is a technique used to avoid using cookies to serve these up with each request. If we are talking about using the facilities the language provides to implement a solution, I would say that CF is deficient in it's ability to support multiple session instances from the same browser type on a singnle machine and that you have to come up with other mechanisms (as has already been mentioned a UUID passed over to identify each instance) to implement this. Gary Menzel Web Development Manager IT Operations Brisbane -+- ABN AMRO Morgans Limited Level 29, 123 Eagle Street BRISBANE QLD 4000 PH: 07 333 44 828 FX: 07 3834 0828 If this communication is not intended for you and you are not an authorised recipient of this email you are prohibited by law from dealing with or relying on the email or any file attachments. This prohibition includes reading, printing, copying, re-transmitting, disseminating, storing or in any other way dealing or acting in reliance on the information. If you have received this email in error, we request you contact ABN AMRO Morgans Limited immediately by returning the email to [EMAIL PROTECTED] and destroy the original. We will refund any reasonable costs associated with notifying ABN AMRO Morgans. This email is confidential and may contain privileged client information. ABN AMRO Morgans has taken reasonable steps to ensure the accuracy and integrity of all its communications, including electronic communications, but accepts no liability for materials transmitted. Materials may also be transmitted without the knowledge of ABN AMRO Morgans. ABN AMRO Morgans Limited its directors and employees do not accept liability for the results of any actions taken or not on the basis of the information in this report. ABN AMRO Morgans Limited and its associates hold or may hold securities in the companies/trusts mentioned herein. Any recommendation is made on the basis of our research of the investment and may not suit the specific requirements of clients. Assessments of suitability to an individual?s portfolio can only be made after an examination of the particular client?s investments, financial circumstances and requirements. --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004
