> Is there any way to make a cookie expire after 30 minutes?This is possible but not as straightforward as it might seem. You can use the CFCOOKIE EXPIRES attribute specifying a date-time object, but that would be based on the server time. It is then left to the browser to enforce the expiry, which will be based on the client clock which may be way out of sync with the server clock esp. for such a narrow time window. One way to get round this problem is to generate javascript to write the cookie, which will then use the client clock as the base for the expiry time. > I want to prevent the user from logging into the website after x number > of failed attempts for at least 30 mins on that machine. Why not use a session parameter and set the session expiry to 30 minutes? Although the user can still easily erase the CFID and CFTOKEN cookies from the browser and appear as a new user. > Another approach could be logging and blocking by the IP ADDRESS of > client machine, but I think this is a bit unreliable since an IP address > could be shared for different machines. Absolutely correct, especially if many of your users are going to come in from the same intranet. Regards: Ayudh +----------------------------------------------------------------+ | SOAP is the glue! Hook up your server directly to your bank. | | Connect to VeriPay xServ, the Australian Payments Web Service. | | Reliable, Secure, FAST: http://www.xilo.com/xserv | +----------------------------------------------------------------+ --- You are currently subscribed to cfaussie as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
