You can see code for doing what Doug's saying in the tutorials section at
www.halhelms.com. The example uses session vars, but will work with either,
as Doug says.
-----Original Message-----
From: Douglas Smith [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 04, 2000 1:09 PM
To: Fusebox
Subject: RE: (In)Securing a FuseBox Application
At 02:25 PM 12/2/00 -0600, Dave McKenna wrote:
>. If the user logs out or closes their browser,
>their state goes away when I'm using session variables; that's not
>necessarily the case with client variables.
Actually that's NOT the case with session variables, EITHER.
If you set your session time-out, say over a couple of hours, you will
notice that you can close your browser, and open it again, and you will
still be logged onto the the web site, even with session variables.
Session variables and Client variables act EXACTLY the same way, in this
regard, except the Allaire provided a tool that allows you to select down
to the minute or second for session variables, but only down to 1/10 of a
day for client variables. Client "sessions" and session "sessions" are
both based on the CFTOKEN/CFID cookies, which never expire from the user's
browser (ie, have an expiration date FAR in the future or of NEVER)
If you want the user to be logged out when they close their browser (vs
when the session expires), then, the way I solve this problem is: Set a
second TEMPORARY (memory only) cookie when they log in. If that cookie
does not exist, then they closed their browser, and need to login
again. This works for both Client and session variables.
Douglas Smith
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
