I cant work out why I never came across this before but can someone
answer this for me? Apologies for asking an age old question thats
probably been asked a million times.
This tag makes a user use a file based cookie, this means that logging
in to one site in one browser window will result in the same sesison
in a completely new instance of the browser.
<cfapplication Name="#cgi.http_host#46"
ClientManagement="Yes"
SessionManagement="Yes"
SetClientCookies="Yes"
sessiontimeout="#CreateTimeSpan(0,2,0,0)#"
ApplicationTimeout="#CreateTimeSpan(0,2,0,0)#"
>
The following combination of cfapplication and cfcookie makes an in
memory cookie. this means you can log in to site x in 2 different
browsers with 2 different logins and maintain 2 different sessions on
the same site.
<cfapplication Name="#cgi.http_host#46"
ClientManagement="Yes"
SessionManagement="Yes"
sessiontimeout="#CreateTimeSpan(0,2,0,0)#"
ApplicationTimeout="#CreateTimeSpan(0,2,0,0)#"
ClientStorage="red5_client_vars">
<cfcookie name="cfid" value="#Client.cfid#">
<cfcookie name="cftoken" value="#Client.cftoken#">
Firstly - whats the protocol as far as security here? Whats the
general consensus - do y'all do the former or the latter? Does it
depend on the application?
Secondly - this has obvious testing advantages - i.e. being able to
log in as 2 different user levels on the same site and flick to make
sure things behave right.
Thirdly - Can you do session only cookies without using the separate
cfcookie tag?
Thanks all!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cfaussie?hl=en
-~----------~----~----~----~------~----~------~--~---
