You *can*, but don't have to use url variables. Appending url values to maintain session would suck. I have
<cfapplication name="sessionStorageTest" sessionManagement="true" loginStorage="session" /> the CFID and CFToken are still written to a cookie, but apparently, these aren't used to uniquely identify a browser. http://kb2.adobe.com/cps/179/tn_17915.html "With J2EE session management, ColdFusion uses a new variable, the JSESSIONID, to track a user's browser session instead of CFID/CFTOKEN. ColdFusion MX still creates the CFID and CFTOKEN values, however, but these values are no longer used to uniquely identify browser sessions." Now, a JSessionID value is written to the cookie also. This, I assume, is what is checked to maintain state. So even with loginStorage="session" on the CFApplication tag, a value that is in the cookie is responsible for state? I am not seeing the benefit _____ From: Mike G [mailto:[email protected]] Sent: Wednesday, December 02, 2009 1:30 PM To: [email protected] Subject: Re: [houcfug] loginStorage for apps IMHO the reason you use session is that not everyone enables cookies. If you use the session, then you can use URL parameters to maintain the session. via droid On Dec 2, 2009 12:37 PM, "Mark Davis" <[email protected]> wrote: How many of you, in either your application.cfm or application.cfc, set your loginStorage = session and how many set it to cookie (or leave it off, which defaults to cookie). I am having a discussion with a co-worker about the two options. I read in different places about how specifying session for this is preferred and it even says to specify session in the CF8 Best Practices whitepaper. <http://www.adobe.com/devnet/coldfusion/articles/dev_security/coldfusion_sec urity_cf8.pdf> http://www.adobe.com/devnet/coldfusion/articles/dev_security/coldfusion_secu rity_cf8.pdf My question is...what specific values don't get written to cookie if you specify session? Oh, and this is all using J2EE session mgmt. Thanks Mark -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en
