IMHO the reason you use session is that not everyone enables cookies. If you use the session, then you can use URL parameters to maintain the session.
via droid On Dec 2, 2009 12:37 PM, "Mark Davis" <[email protected]> wrote: How many of you, in either your application.cfm or application.cfc, set your loginStorage = session and how many set it to cookie (or leave it off, which defaults to cookie). I am having a discussion with a co-worker about the two options. I read in different places about how specifying session for this is preferred and it even says to specify session in the CF8 Best Practices whitepaper. http://www.adobe.com/devnet/coldfusion/articles/dev_security/coldfusion_security_cf8.pdf My question is...what specific values don't get written to cookie if you specify session? Oh, and this is all using J2EE session mgmt. Thanks Mark -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en
