Re: FuseBox Replacement of Cookies

Mon, 16 Apr 2001 14:57:13 -0700 

If you use session or client-variables to see if a user
is logged in, you can use URLTOKEN to replace the use
of a cookie.

In most cases a cookie is used to store the CFID and
CFTOKEN, which are used to reference to the session or
client variables. When you use URLTOKEN the CFID
and CFTOKEN aren't put in a cookie, since they are already
present in your URLTOKEN.....

So it only replaces a cookie when you put your login-variables
in session- or client-variables. When you use COOKIE.user_uuid
URLTOKEN doesn't replace your cookie.

The only question I have, is there a way that the COOKIE with
CFID and CFTOKEN is thrown away at the end of a session?

My problem is that when a user starts up another browser (not a new
window (CTRL +N)), the same COOKIE is read by this browser
and this has access to the same session-variables. This is not always
wanted....

And in some companies, people share computers. So it's possible that
a person is hijacking a session or using client-variables from another
person if he is going to use this computer. Putting timeouts for client-
variables or session-variables isn't always the solution.....

If there was only a way to put something like COOKIE-TIMEOUT in
your CFAPPLICATION..........

With kind regards,
Erik


----- Original Message -----
From: "Steve Kelley" <[EMAIL PROTECTED]>
To: "Fusebox" <[EMAIL PROTECTED]>
Sent: Monday, April 16, 2001 23:38
Subject: FuseBox Replacement of Cookies


> I read the section in the Nelson/Girard FB book concerning <cfapplication>
> and the issue of cookies (page 37) and don't quite grasp the entire issue.
I
> understand how to implement the URLTOKEN, but don't understand how to
> implement this in replace of the cookies I currently use to determine if a
> user has successfully logged in during that session.
>
> I'd appreciate someone filling in this gap in my understanding. Thanks.
>
> Steve Kelley
> SRKelley Enterprises, Inc.
> www.HollywoodPaws.com
> [EMAIL PROTECTED]
>
>
> Archives: http://www.mail-archive.com/[email protected]/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to