so the reason for the best practice of making loginStorage = session instead
of cookie is to account for the maybe .1% of users with cookies disabled?  I
suppose it could be....just doesn;t totally add up.  Feel like I am missing
something in this whole debate
 

  _____  

From: Mike G [mailto:[email protected]] 
Sent: Wednesday, December 02, 2009 1:56 PM
To: [email protected]
Subject: Re: RE: [houcfug] loginStorage for apps



All you just sent relies on cookies being enabled.  There is a great new
function in cf called urlsessionformat
I had to add it to a new Ajax ecomm site I wrote after ie 8 came out and the
paranoid masses decided they should shop with private browsing enabled. For
some reason I never did figure out (session cookies are supposed to work in
private browsing ) when I wrapped every link with that function I stopped
having dropped sessions
via droid 


On Dec 2, 2009 1:45 PM, "Mark Davis" <[email protected]> wrote:


You *can*, but don't have to use url variables.  Appending url values to
maintain session would suck.
 
I have 

<cfapplication

name="sessionStorageTest" sessionManagement="true" loginStorage="session" />


the CFID and CFToken are still written to a cookie, but apparently, these
aren't used to uniquely identify a browser. 

http://kb2.adobe.com/cps/179/tn_17915.html

"With J2EE session management, ColdFusion uses a new variable, the
JSESSIONID, to track a user's browser session instead of CFID/CFTOKEN.
ColdFusion MX still creates the CFID and CFTOKEN values, however, but these
values are no longer used to uniquely identify browser sessions."

Now, a JSessionID value is written to the cookie also.  This, I assume, is
what is checked to maintain state.

So even with loginStorage="session" on the CFApplication tag, a value that
is in the cookie is responsible for state?  I am not seeing the benefit



  _____  

From: Mike G [mailto:[email protected]] 
Sent: Wednesday, December 02, 2009 1:30 PM
To: [email protected]
Subject: Re: [houcfug] loginStorage for apps



IMHO the reason you use session is that not everyone enables cookies.  If
you use the session, then ...

-- You received this message because you are subscribed to the "Houston
ColdFusion Users' Group" ...

-- 
You received this message because you are subscribed to the "Houston
ColdFusion Users' Group" discussion list.
To unsubscribe, send email to [email protected]
For more options, visit http://groups.google.com/group/houcfug?hl=en

-- 
You received this message because you are subscribed to the "Houston ColdFusion 
Users' Group" discussion list.
To unsubscribe, send email to [email protected]
For more options, visit http://groups.google.com/group/houcfug?hl=en

Reply via email to