so the reason for the best practice of making loginStorage = session instead of cookie is to account for the maybe .1% of users with cookies disabled? I suppose it could be....just doesn;t totally add up. Feel like I am missing something in this whole debate
_____ From: Mike G [mailto:[email protected]] Sent: Wednesday, December 02, 2009 1:56 PM To: [email protected] Subject: Re: RE: [houcfug] loginStorage for apps All you just sent relies on cookies being enabled. There is a great new function in cf called urlsessionformat I had to add it to a new Ajax ecomm site I wrote after ie 8 came out and the paranoid masses decided they should shop with private browsing enabled. For some reason I never did figure out (session cookies are supposed to work in private browsing ) when I wrapped every link with that function I stopped having dropped sessions via droid On Dec 2, 2009 1:45 PM, "Mark Davis" <[email protected]> wrote: You *can*, but don't have to use url variables. Appending url values to maintain session would suck. I have <cfapplication name="sessionStorageTest" sessionManagement="true" loginStorage="session" /> the CFID and CFToken are still written to a cookie, but apparently, these aren't used to uniquely identify a browser. http://kb2.adobe.com/cps/179/tn_17915.html "With J2EE session management, ColdFusion uses a new variable, the JSESSIONID, to track a user's browser session instead of CFID/CFTOKEN. ColdFusion MX still creates the CFID and CFTOKEN values, however, but these values are no longer used to uniquely identify browser sessions." Now, a JSessionID value is written to the cookie also. This, I assume, is what is checked to maintain state. So even with loginStorage="session" on the CFApplication tag, a value that is in the cookie is responsible for state? I am not seeing the benefit _____ From: Mike G [mailto:[email protected]] Sent: Wednesday, December 02, 2009 1:30 PM To: [email protected] Subject: Re: [houcfug] loginStorage for apps IMHO the reason you use session is that not everyone enables cookies. If you use the session, then ... -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" ... -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en
