subject:"RE\: \[ACFUG Discuss\] Cookies..."

Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

2008-07-03 Thread Cameron Childress

On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon <[EMAIL PROTECTED]> wrote:
> Is there any way to force a new session,  if a user opens a new tab then
> goes to the same app that is in the first window?

Short answer - no.

> I have found that sometimes users will open a new tab and go to the same
> application basically executing the app twice from different windows.

This is a pretty common user behavior, and I (as a user) would expect
any site to handle this gracefully.

> I guess one way around this is cookieless sessions

I don't think this will do anything to solve your problem.

> Or is there a good way to tell if the user does have 2 windows open with the
> same session?

Not really.  Why don't you attack this a different way?  Since I think
the whole "open in two tabs" behavior is pretty normal, I don't think
you should try to mess with the user's experience by trying to prevent
it.

What specifically does your app do that's bad when two tabs are open?
I suspect changing the app's architecture to gracefully deal with two
open tabs will be easier, and will make for a more positive user
experience at the same time.

Frankly, if I tried to a open a site in a second tab and it prevented
me from opening the tab or reset my session, I'd think it was a poorly
designed site and be grumpy.

-Cameron

-- 
Cameron Childress
Sumo Consulting Inc
http://www.sumoc.com
---
cell: 678.637.5072
aim: cameroncf
email: [EMAIL PROTECTED]

-
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

RE: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

2008-07-03 Thread axunderwood

I'll take your word for it...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe
Sent: Thursday, July 03, 2008 12:50 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in 
tabbed browsers

Allen,

Sorry, but you are wrong here.  You cannot do that.  If the cookie is on disk, 
it is shared across all browser instances.  Session cookies
(non-persistent) may work if you can guarantee separate browser instances, 
which you can't do with tabs.

I'd suggest some reading on the basics of the HTTP protocols for further info.  
The "HTTP" book from O'Reilly is good.

-dhs


Dean H. Saxe, CISSP,  CEH
[EMAIL PROTECTED]
"[T]he people can always be brought to the bidding of the leaders.
This is easy. All you have to do is to tell them they are being attacked, and 
denounce the pacifists for lack of patriotism and exposing the country to 
danger. It works the same in every country."
 --Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials



On Jul 3, 2008, at 12:44 PM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:

> Well..maybe, maybe not...
>
> Just for theoretical sake...you COULD make this work - would it be
> worth the trouble, that really depends on how many users do what was
> described below.  But, you COULD get creative...
>
> Something like this.  Let's say that there's a portal page to your
> application...you could actually force a new cfid and cftoken on that
> page and ALSO, you'd have to make sure it wasn't a temporary cookie.
> You'd have to make it a persistent cookie so that it wasn't in the
> browsers memory (otherwise they'd collide).  Then, each tab would
> basically have it's own cfid/cftoken pair that would be unique to
> those browser sessions and you could have the user running two
> different sessions at a time.  If you're not familiar with how the
> cookie is handled for the cf session, you'll definitely want to do
> some reading on that.
>
> Now, I will say with that with this approach, you may run into some
> weird things that you had not thought about before...but in theory,
> it's possible.
>
> Allen
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven
> Ross
> Sent: Thursday, July 03, 2008 12:33 PM
> To: discussion@acfug.org
> Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new
> window in tabbed browsers
>
> What you are asking to do really isn't possible because of the
> stateless nature of http because you can't tell where the user is
> coming from. If they are authenticated then the application / web
> server has no idea what client (browser window) they are coming from
> and will let them perform any task from multiple windows (unless they
> launch a completely new instance of the browser - which like you said
> would only work if you were not using cookie based authentication).
> Sounds like you just need to educate your users a bit.
>
> -Steve
>
> On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon <[EMAIL PROTECTED]>
> wrote:
> Is there any way to force a new session,  if a user opens a new tab
> then goes to the same app that is in the first window?
>
> We use the pretty standard cfapplication that allows cookies and
> session management.
>
> I have found that sometimes users will open a new tab and go to the
> same application basically executing the app twice from different
> windows.But since both these windows share session variables
> this can sometimes cause problems (changes in one window effect the
> other).Executing the browser twice keeps separate sessions.
> But since this is 2 windows in the same browser the cookie that points
> to the session id is the same.
>
> I guess one way around this is cookieless sessions,  then I believe
> you would have to put the jsessionid on each url?   I don't like
> doing that.And that wouldn't stop someone from copying and
> pasting the URL to another window and having the same issue.
>
> Or is there a good way to tell if the user does have 2 windows open
> with the same session?
>
> Or other slick ways around this issue?
>
>
>
> -
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists Archive @
> http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by FusionLink
> -
>
>
>
> --
> Steven Ross
> web application & interface developer
> http://blog.stevensros

Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

2008-07-03 Thread Dean H. Saxe


Allen,

Sorry, but you are wrong here.  You cannot do that.  If the cookie is  
on disk, it is shared across all browser instances.  Session cookies  
(non-persistent) may work if you can guarantee separate browser  
instances, which you can't do with tabs.


I'd suggest some reading on the basics of the HTTP protocols for  
further info.  The "HTTP" book from O'Reilly is good.


-dhs


Dean H. Saxe, CISSP,  CEH
[EMAIL PROTECTED]
"[T]he people can always be brought to the bidding of the leaders.  
This is easy. All you have to do is to tell them they are being  
attacked, and denounce the pacifists for lack of patriotism and  
exposing the country to danger. It works the same in every country."

--Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials



On Jul 3, 2008, at 12:44 PM, <[EMAIL PROTECTED]>  
<[EMAIL PROTECTED]> wrote:



Well..maybe, maybe not...

Just for theoretical sake...you COULD make this work - would it be  
worth the trouble, that really depends on how many users do what was  
described below.  But, you COULD get creative...


Something like this.  Let's say that there's a portal page to your  
application...you could actually force a new cfid and cftoken on  
that page and ALSO, you'd have to make sure it wasn't a temporary  
cookie.  You'd have to make it a persistent cookie so that it wasn't  
in the browsers memory (otherwise they'd collide).  Then, each tab  
would basically have it's own cfid/cftoken pair that would be unique  
to those browser sessions and you could have the user running two  
different sessions at a time.  If you're not familiar with how the  
cookie is handled for the cf session, you'll definitely want to do  
some reading on that.


Now, I will say with that with this approach, you may run into some  
weird things that you had not thought about before...but in theory,  
it's possible.


Allen

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven  
Ross

Sent: Thursday, July 03, 2008 12:33 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new  
window in tabbed browsers


What you are asking to do really isn't possible because of the  
stateless nature of http because you can't tell where the user is  
coming from. If they are authenticated then the application / web  
server has no idea what client (browser window) they are coming from  
and will let them perform any task from multiple windows (unless  
they launch a completely new instance of the browser - which like  
you said would only work if you were not using cookie based  
authentication). Sounds like you just need to educate your users a  
bit.


-Steve

On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon  
<[EMAIL PROTECTED]> wrote:
Is there any way to force a new session,  if a user opens a new tab  
then goes to the same app that is in the first window?


We use the pretty standard cfapplication that allows cookies and  
session management.


I have found that sometimes users will open a new tab and go to the  
same application basically executing the app twice from different  
windows.But since both these windows share session variables  
this can sometimes cause problems (changes in one window effect the  
other).Executing the browser twice keeps separate sessions. 
But since this is 2 windows in the same browser the cookie that  
points to the session id is the same.


I guess one way around this is cookieless sessions,  then I believe  
you would have to put the jsessionid on each url?   I don't like  
doing that.And that wouldn't stop someone from copying and  
pasting the URL to another window and having the same issue.


Or is there a good way to tell if the user does have 2 windows open  
with the same session?


Or other slick ways around this issue?



-
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-



--
Steven Ross
web application & interface developer
http://blog.stevensross.com
[mobile] 404-488-4364 [fax] (404) 592-6885
[ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ]
-
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-

-
To unsubscribe from this list, manage your profile @
http://w

RE: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

2008-07-03 Thread axunderwood

Well..maybe, maybe not...

Just for theoretical sake...you COULD make this work - would it be worth the 
trouble, that really depends on how many users do what was described below.  
But, you COULD get creative...

Something like this.  Let's say that there's a portal page to your 
application...you could actually force a new cfid and cftoken on that page and 
ALSO, you'd have to make sure it wasn't a temporary cookie.  You'd have to make 
it a persistent cookie so that it wasn't in the browsers memory (otherwise 
they'd collide).  Then, each tab would basically have it's own cfid/cftoken 
pair that would be unique to those browser sessions and you could have the user 
running two different sessions at a time.  If you're not familiar with how the 
cookie is handled for the cf session, you'll definitely want to do some reading 
on that.

Now, I will say with that with this approach, you may run into some weird 
things that you had not thought about before...but in theory, it's possible.

Allen


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Ross
Sent: Thursday, July 03, 2008 12:33 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in 
tabbed browsers

What you are asking to do really isn't possible because of the stateless nature 
of http because you can't tell where the user is coming from. If they are 
authenticated then the application / web server has no idea what client 
(browser window) they are coming from and will let them perform any task from 
multiple windows (unless they launch a completely new instance of the browser - 
which like you said would only work if you were not using cookie based 
authentication). Sounds like you just need to educate your users a bit.

-Steve

On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon <[EMAIL PROTECTED]<mailto:[EMAIL 
PROTECTED]>> wrote:
Is there any way to force a new session,  if a user opens a new tab then goes 
to the same app that is in the first window?

We use the pretty standard cfapplication that allows cookies and session 
management.

I have found that sometimes users will open a new tab and go to the same 
application basically executing the app twice from different windows.But 
since both these windows share session variables this can sometimes cause 
problems (changes in one window effect the other).Executing the browser 
twice keeps separate sessions.But since this is 2 windows in the same 
browser the cookie that points to the session id is the same.

I guess one way around this is cookieless sessions,  then I believe you would 
have to put the jsessionid on each url?   I don't like doing that.And that 
wouldn't stop someone from copying and pasting the URL to another window and 
having the same issue.

Or is there a good way to tell if the user does have 2 windows open with the 
same session?

Or other slick ways around this issue?



-
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink<http://www.fusionlink.com>
-



--
Steven Ross
web application & interface developer
http://blog.stevensross.com
[mobile] 404-488-4364 [fax] (404) 592-6885
[ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ]
-
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink<http://www.fusionlink.com>
-



-

To unsubscribe from this list, manage your profile @ 

http://www.acfug.org?fa=login.edituserform



For more info, see http://www.acfug.org/mailinglists

Archive @ http://www.mail-archive.com/discussion%40acfug.org/

List hosted by http://www.fusionlink.com

-

Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

2008-07-03 Thread Dean H. Saxe

Actually, that has nothing to do with it Steve, the issue is not one  
of state at all.  The problem is one of process isolation assuming  
we're referring to session cookies which are only retained in memory.   
IE supports a different process per browser window, Firefox does not.   
For cookies which are placed on disk, they are shared amongst all  
browser instances, even when they have separate memory footprints.


Cookieless sessions are a security flaw, due to the ease of compromise  
of the session token from the query string either on the user's system  
or via web server logs and even referer logs.


-dhs

Dean H. Saxe, CISSP,  CEH
[EMAIL PROTECTED]
"[T]he people can always be brought to the bidding of the leaders.  
This is easy. All you have to do is to tell them they are being  
attacked, and denounce the pacifists for lack of patriotism and  
exposing the country to danger. It works the same in every country."

--Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials



On Jul 3, 2008, at 12:32 PM, Steven Ross wrote:

What you are asking to do really isn't possible because of the  
stateless nature of http because you can't tell where the user is  
coming from. If they are authenticated then the application / web  
server has no idea what client (browser window) they are coming from  
and will let them perform any task from multiple windows (unless  
they launch a completely new instance of the browser - which like  
you said would only work if you were not using cookie based  
authentication). Sounds like you just need to educate your users a  
bit.


-Steve

On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon  
<[EMAIL PROTECTED]> wrote:
Is there any way to force a new session,  if a user opens a new tab  
then goes to the same app that is in the first window?


We use the pretty standard cfapplication that allows cookies and  
session management.


I have found that sometimes users will open a new tab and go to the  
same application basically executing the app twice from different  
windows.But since both these windows share session variables  
this can sometimes cause problems (changes in one window effect the  
other).Executing the browser twice keeps separate sessions. 
But since this is 2 windows in the same browser the cookie that  
points to the session id is the same.


I guess one way around this is cookieless sessions,  then I believe  
you would have to put the jsessionid on each url?   I don't like  
doing that.And that wouldn't stop someone from copying and  
pasting the URL to another window and having the same issue.


Or is there a good way to tell if the user does have 2 windows open  
with the same session?


Or other slick ways around this issue?



-
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-



--
Steven Ross
web application & interface developer
http://blog.stevensross.com
[mobile] 404-488-4364 [fax] (404) 592-6885
[ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ]
-
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-




-
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform


For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

2008-07-03 Thread Steven Ross

What you are asking to do really isn't possible because of the stateless
nature of http because you can't tell where the user is coming from. If they
are authenticated then the application / web server has no idea what client
(browser window) they are coming from and will let them perform any task
from multiple windows (unless they launch a completely new instance of the
browser - which like you said would only work if you were not using cookie
based authentication). Sounds like you just need to educate your users a
bit.

-Steve

On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon <[EMAIL PROTECTED]> wrote:

>  Is there any way to force a new session,  if a user opens a new tab then
> goes to the same app that is in the first window?
>
> We use the pretty standard cfapplication that allows cookies and session
> management.
>
> I have found that sometimes users will open a new tab and go to the same
> application basically executing the app twice from different windows.But
> since both these windows share session variables this can sometimes cause
> problems (changes in one window effect the other).Executing the browser
> twice keeps separate sessions.But since this is 2 windows in the same
> browser the cookie that points to the session id is the same.
>
> I guess one way around this is cookieless sessions,  then I believe you
> would have to put the jsessionid on each url?   I don't like doing that.
> And that wouldn't stop someone from copying and pasting the URL to another
> window and having the same issue.
>
> Or is there a good way to tell if the user does have 2 windows open with
> the same session?
>
> Or other slick ways around this issue?
>
>
>
> -
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by FusionLink 
> -




-- 
Steven Ross
web application & interface developer
http://blog.stevensross.com
[mobile] 404-488-4364 [fax] (404) 592-6885
[ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ]



-
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

RE: [ACFUG Discuss] Cookies...

2008-03-17 Thread Charlie Arehart

OK, so you're trying to manually force a given cookie to never expire, and
yet (you say here) "the resultant cookie expires "at end of session"
(looking at it from Mozilla Firefox). "

 

So to clarify, you're not referring to CF sessions at all, but simply the
similarly named aspect of browsers that regard cookies that expire on
browser close to be called "session" cookies.  

 

As for why the cookie seems not to be set as you'd expect, I'll ask again if
you've considered any of those http debugger tools I listed. They would show
you what the browser is getting from the CF page. It seems that the browser
isn't getting the cookie header you're meaning to send. (That said, it could
also be that you did something on the page prior to the CFCOOKIE tag to
cause it to not send any more headers: this can happen with a CFFLUSH, among
other things. It used to also be that CF did not send the cookie header if
you followed the CFCOOKIE with a CFLOCATION, but that was fixed as of CF 6.)

 

/charlie

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 7:12 AM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] Cookies...

 


Charlie: 

Here's the code: 
 

And the resultant cookie expires "at end of session" (looking at it from
Mozilla Firefox). 

Sincerely,

Brooks Wilson 

640K ought to be enough for anybody. - Bill Gates (1981) 


Sun Certified Programmer



 


 Federal Reserve Bank of Atlanta . 1000 Peachtree Street, N.E. . Atlanta
Georgia 30309-4470 
404.498.8178 . fax 404.498.8239 . [EMAIL PROTECTED]

 

  




"Charlie Arehart" <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED] 

03/16/2008 02:07 PM 


Please respond to
discussion@acfug.org


To

 


cc



Subject

RE: [ACFUG Discuss] Cookies...

 






Brooks, can you be more explicit about what you mean when you say that the
cookie is "set to expire when the session closes"? Do you mean you're
experiencing that the CF session is expiring when the browser closes, and
you don't want that? If you have "Use J2EE Sessions" checked in the CF admin
(from CF 6-8), that changes the cookie used for tracking sessions from
CFID/CFTOKEN (which were indeed persistent for a very long time, to also
support client vars) to instead use a JSessionID cookie, which is set with
no expiration and therefore goes away with the browser close (depending on
the browser and how you opened the window). 
  
It can be helpful, when trying to decipher problems like this, to use a
client-side proxy tool like Fiddler, Firebug, Charles, ServiceCapture, or
others, so that you can watch for sure the cookies and their expirations
coming to the browser from the server (and going back from the browser to
the server). 
  
I offer links to those and others at the "HTTP Debugging Proxies" section of
my "Tools to Consider for CFML developers 
(nearly 400 tools in more than 40 categories)", at: 
  
 <http://carehart.org/resourcelists/tools_to_consider/#proxy>
http://carehart.org/resourcelists/tools_to_consider/#proxy, ),. 
  
/charlie 
  
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, March 14, 2008 2:51 PM
To: discussion@acfug.org
Subject: [ACFUG Discuss] Cookies... 
  

Greetings: 

I'm using cookie with expires="never", but for some reason the cookie is set
to expire when the session closes. Is there an  setting or a
CF Administrator setting the sets a maximum expiration date for cookies? 

Sincerely,
Brooks Wilson 

640K ought to be enough for anybody. - Bill Gates (1981) 

  
- 
Annual Sponsor - Figleaf Software <http://www.figleaf.com/>  

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink <http://www.fusionlink.com/>  
- 


- 
Annual Sponsor - Figleaf Software <http://www.figleaf.com/>  

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink <http://www.fusionlink.com/>  
- 




-
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

<><><>

RE: [ACFUG Discuss] Cookies...

2008-03-17 Thread Charlie Arehart

Thanks, Greg. I'll add those. As for adding your own, no, it doesn't support
that. But at the bottom of every list I do offer the following:

 

I welcome additions/corrections/feedback
<http://carehart.org/resourcelists/tools_to_consider/#additions> .

 

I also mention it at the top of the page. J

 

/charlie

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McTure, Greg
Sent: Sunday, March 16, 2008 6:45 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] Cookies...

 

Thanks for the link.  Very informative and it has some quite useful tools
and utilities listed.

 

I would consider adding Perforce in the Source Control section and DB
Artician by Embarcadero under the SQL Tools.

 

Can I add these tools from the page directly?

 

  _  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Arehart
Sent: Sunday, March 16, 2008 2:02 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] Cookies...

 

Brooks, can you be more explicit about what you mean when you say that the
cookie is "set to expire when the session closes"? Do you mean you're
experiencing that the CF session is expiring when the browser closes, and
you don't want that? If you have "Use J2EE Sessions" checked in the CF admin
(from CF 6-8), that changes the cookie used for tracking sessions from
CFID/CFTOKEN (which were indeed persistent for a very long time, to also
support client vars) to instead use a JSessionID cookie, which is set with
no expiration and therefore goes away with the browser close (depending on
the browser and how you opened the window).

 

It can be helpful, when trying to decipher problems like this, to use a
client-side proxy tool like Fiddler, Firebug, Charles, ServiceCapture, or
others, so that you can watch for sure the cookies and their expirations
coming to the browser from the server (and going back from the browser to
the server).

 

I offer links to those and others at the "HTTP Debugging Proxies" section of
my "Tools to Consider for CFML developers 

(nearly 400 tools in more than 40 categories)", at:

 

http://carehart.org/resourcelists/tools_to_consider/#proxy

 

/charlie

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, March 14, 2008 2:51 PM
To: discussion@acfug.org
Subject: [ACFUG Discuss] Cookies...

 


Greetings: 

I'm using cookie with expires="never", but for some reason the cookie is set
to expire when the session closes. Is there an  setting or a
CF Administrator setting the sets a maximum expiration date for cookies? 

Sincerely,
Brooks Wilson 

640K ought to be enough for anybody. - Bill Gates (1981) 

  
- 
Annual Sponsor - Figleaf Software <http://www.figleaf.com>  

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink <http://www.fusionlink.com>  
- 


- 
Annual Sponsor - Figleaf Software <http://www.figleaf.com>  

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink <http://www.fusionlink.com>  
- 
- 
Annual Sponsor - Figleaf Software <http://www.figleaf.com>  

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink <http://www.fusionlink.com>  
- 




-
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

RE: [ACFUG Discuss] Cookies...

2008-03-17 Thread Brooks . Wilson

Charlie:

Here's the code:


And the resultant cookie expires "at end of session" (looking at it from 
Mozilla Firefox).

Sincerely,

Brooks Wilson
640K ought to be enough for anybody. - Bill Gates (1981)




 Federal Reserve Bank of Atlanta · 1000 Peachtree Street, N.E. · Atlanta 
Georgia 30309-4470 
404.498.8178 · fax 404.498.8239 · [EMAIL PROTECTED]

 



"Charlie Arehart" <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
03/16/2008 02:07 PM
Please respond to
discussion@acfug.org


To

cc

Subject
RE: [ACFUG Discuss] Cookies...






Brooks, can you be more explicit about what you mean when you say that the 
cookie is ?set to expire when the session closes?? Do you mean you?re 
experiencing that the CF session is expiring when the browser closes, and 
you don?t want that? If you have ?Use J2EE Sessions? checked in the CF 
admin (from CF 6-8), that changes the cookie used for tracking sessions 
from CFID/CFTOKEN (which were indeed persistent for a very long time, to 
also support client vars) to instead use a JSessionID cookie, which is set 
with no expiration and therefore goes away with the browser close 
(depending on the browser and how you opened the window).
 
It can be helpful, when trying to decipher problems like this, to use a 
client-side proxy tool like Fiddler, Firebug, Charles, ServiceCapture, or 
others, so that you can watch for sure the cookies and their expirations 
coming to the browser from the server (and going back from the browser to 
the server).
 
I offer links to those and others at the ?HTTP Debugging Proxies? section 
of my ?Tools to Consider for CFML developers 
(nearly 400 tools in more than 40 categories)?, at:
 
http://carehart.org/resourcelists/tools_to_consider/#proxy, ),.
 
/charlie
 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]
Sent: Friday, March 14, 2008 2:51 PM
To: discussion@acfug.org
Subject: [ACFUG Discuss] Cookies...
 

Greetings: 

I'm using cookie with expires="never", but for some reason the cookie is 
set to expire when the session closes. Is there an  setting 
or a CF Administrator setting the sets a maximum expiration date for 
cookies? 

Sincerely,
Brooks Wilson 
640K ought to be enough for anybody. - Bill Gates (1981) 
 
- 
Annual Sponsor - Figleaf Software 

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink 


- 
Annual Sponsor - Figleaf Software 

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink 
- 
<><><>

RE: [ACFUG Discuss] Cookies...

2008-03-16 Thread McTure, Greg

Thanks for the link.  Very informative and it has some quite useful
tools and utilities listed.

 

I would consider adding Perforce in the Source Control section and DB
Artician by Embarcadero under the SQL Tools.

 

Can I add these tools from the page directly?

 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie
Arehart
Sent: Sunday, March 16, 2008 2:02 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] Cookies...

 

Brooks, can you be more explicit about what you mean when you say that
the cookie is "set to expire when the session closes"? Do you mean
you're experiencing that the CF session is expiring when the browser
closes, and you don't want that? If you have "Use J2EE Sessions" checked
in the CF admin (from CF 6-8), that changes the cookie used for tracking
sessions from CFID/CFTOKEN (which were indeed persistent for a very long
time, to also support client vars) to instead use a JSessionID cookie,
which is set with no expiration and therefore goes away with the browser
close (depending on the browser and how you opened the window).

 

It can be helpful, when trying to decipher problems like this, to use a
client-side proxy tool like Fiddler, Firebug, Charles, ServiceCapture,
or others, so that you can watch for sure the cookies and their
expirations coming to the browser from the server (and going back from
the browser to the server).

 

I offer links to those and others at the "HTTP Debugging Proxies"
section of my "Tools to Consider for CFML developers 

(nearly 400 tools in more than 40 categories)", at:

 

http://carehart.org/resourcelists/tools_to_consider/#proxy, ),.

 

/charlie

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, March 14, 2008 2:51 PM
To: discussion@acfug.org
Subject: [ACFUG Discuss] Cookies...

 


Greetings: 

I'm using cookie with expires="never", but for some reason the cookie is
set to expire when the session closes. Is there an 
setting or a CF Administrator setting the sets a maximum expiration date
for cookies? 

Sincerely,
Brooks Wilson 

640K ought to be enough for anybody. - Bill Gates (1981) 

  
- 
Annual Sponsor - Figleaf Software <http://www.figleaf.com>  

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink <http://www.fusionlink.com>  
- 


- 
Annual Sponsor - Figleaf Software <http://www.figleaf.com>  

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink <http://www.fusionlink.com>  
-



-

Annual Sponsor FigLeaf Software - http://www.figleaf.com



To unsubscribe from this list, manage your profile @ 

http://www.acfug.org?fa=login.edituserform



For more info, see http://www.acfug.org/mailinglists

Archive @ http://www.mail-archive.com/discussion%40acfug.org/

List hosted by http://www.fusionlink.com

-

RE: [ACFUG Discuss] Cookies...

2008-03-16 Thread Charlie Arehart

Brooks, can you be more explicit about what you mean when you say that the
cookie is "set to expire when the session closes"? Do you mean you're
experiencing that the CF session is expiring when the browser closes, and
you don't want that? If you have "Use J2EE Sessions" checked in the CF admin
(from CF 6-8), that changes the cookie used for tracking sessions from
CFID/CFTOKEN (which were indeed persistent for a very long time, to also
support client vars) to instead use a JSessionID cookie, which is set with
no expiration and therefore goes away with the browser close (depending on
the browser and how you opened the window).

 

It can be helpful, when trying to decipher problems like this, to use a
client-side proxy tool like Fiddler, Firebug, Charles, ServiceCapture, or
others, so that you can watch for sure the cookies and their expirations
coming to the browser from the server (and going back from the browser to
the server).

 

I offer links to those and others at the "HTTP Debugging Proxies" section of
my "Tools to Consider for CFML developers 

(nearly 400 tools in more than 40 categories)", at:

 

http://carehart.org/resourcelists/tools_to_consider/#proxy, ),.

 

/charlie

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, March 14, 2008 2:51 PM
To: discussion@acfug.org
Subject: [ACFUG Discuss] Cookies...

 


Greetings: 

I'm using cookie with expires="never", but for some reason the cookie is set
to expire when the session closes. Is there an  setting or a
CF Administrator setting the sets a maximum expiration date for cookies? 

Sincerely,
Brooks Wilson 

640K ought to be enough for anybody. - Bill Gates (1981) 

  
- 
Annual Sponsor - Figleaf Software   

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink   
- 




-
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

Re: [ACFUG Discuss] Cookies...

2008-03-14 Thread Dean H. Saxe


Set the expires header to some date way in the future.

If this is for your session cookies I'd be very careful...

-dhs


Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"Dissent is the purest form of patriotism."
--Thomas Jefferson



On Mar 14, 2008, at 2:51 PM, [EMAIL PROTECTED] wrote:



Greetings:

I'm using cookie with expires="never", but for some reason the  
cookie is set to expire when the session closes. Is there an  
 setting or a CF Administrator setting the sets a  
maximum expiration date for cookies?


Sincerely,
Brooks Wilson
640K ought to be enough for anybody. - Bill Gates (1981)



-
Annual Sponsor - Figleaf Software

To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-

Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

RE: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

RE: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers

RE: [ACFUG Discuss] Cookies...

RE: [ACFUG Discuss] Cookies...

RE: [ACFUG Discuss] Cookies...

RE: [ACFUG Discuss] Cookies...

RE: [ACFUG Discuss] Cookies...

Re: [ACFUG Discuss] Cookies...

12 matches

Site Navigation

Mail list logo

Footer information