On 5/28/05, Ben Rogers <[EMAIL PROTECTED]> wrote:
> So, it appears to have been a bug and is supposedly fixed.

Yes, it was fixed.

> Regardless, the
> point is that JSESSIONID gets appended to the file name, not the query
> string.

The web server / web connector should handle this (Apache does, IIS doesn't in some configurations). By the time you get the URL scope and the CGI path, the ;jsessionid=xxx attribute will have been removed (I think). I've certainly never had a problem with this.

Whilst I agree that it's good to know there are tradeoffs, I think you're making things out to be worse than they are... Having evaluated the tradeoffs, I would never use the old CFID/CFTOKEN method again.

Also read the docs about all the benefits that you get from J2EE sessions:

http://livedocs.macromedia.com/coldfusion/7/htmldocs/00001156.htm

"J2EE session management provides the following advantages over ColdFusion session management:

* J2EE session management uses a session-specific session identifier, jsessionid, which is created afresh at the start of each session.
* You can share session variables between ColdFusion pages and JSP pages or Java servlets that you call from the ColdFusion pages.
* The session automatically ends when the user closes all browser windows.
* The Session scope is serializable (convertible into a sequence of bytes that can later be fully restored into the original object). With ColdFusion session management, the Session scope is not serializable. Only serializable scopes can be shared across servers.

Therefore, consider using J2EE session management in any of the following cases:

* You want to maximize session security, particularly if you also use client variables
* You want to share session variables between ColdFusion pages and JSP pages or servlets in a single application.
* You want to be able to manually terminate a session while maintaining the client identification cookie for use by the Client scope.
* You want to support clustered sessions; for example, to support session failover among servers."
-- Sean A Corfield -- http://corfield.org/
Team Fusebox -- http://fusebox.org/
Got Gmail? -- I have 50, yes 50, invites to give away!

"If you're not annoying somebody, you're not really alive."
-- Margaret Atwood
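
The placement discussed in this message (";jsessionid=xxx" attached to the file name rather than the query string), as an added example that is not part of the original post and is not code from ColdFusion or any web connector. The function name and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def split_jsessionid(uri):
    """Return (uri_without_session_id, session_id_or_None).

    Only a ';jsessionid=' path parameter counts as the session id.
    A 'jsessionid' key in the query string is ordinary query data
    and is left untouched.
    """
    parts = urlsplit(uri)  # urlsplit keeps ';params' inside .path
    session_id = None
    cleaned_segments = []
    for segment in parts.path.split("/"):
        # Each path segment may carry its own ';name=value' parameters.
        name, *params = segment.split(";")
        kept = []
        for param in params:
            key, _, value = param.partition("=")
            if key.lower() == "jsessionid":
                if session_id is None:  # keep the first one seen
                    session_id = value
            else:
                kept.append(param)  # other path parameters survive
        cleaned_segments.append(";".join([name] + kept))
    cleaned = urlunsplit((parts.scheme, parts.netloc,
                          "/".join(cleaned_segments),
                          parts.query, parts.fragment))
    return cleaned, session_id


if __name__ == "__main__":
    # Constructed sample request URIs.
    samples = [
        "/app/index.cfm;jsessionid=ABC123?page=2",
        "/app/index.cfm?jsessionid=ABC123",
        "http://example.test/a/b.cfm;JSESSIONID=abc;other=1?x=1#top",
    ]
    for uri in samples:
        print(uri, "->", split_jsessionid(uri))
```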
