RE: Killing state on browser close

Spike Thu, 15 Mar 2001 14:43:15 -0800
At 22:40 15/03/2001 Thursday, you wrote:
>Put this in application.cfm:
>
><!---If user closes browser end session --->
><cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
>         <cfset cfid_local = Cookie.CFID>
>         <cfset cftoken_local = Cookie.CFTOKEN>
>         <cfcookie name="CFID" value="#cfid_local#">
>         <cfcookie name="CFTOKEN" value="#cftoken_local#">
></cfif>
>
>Initially, I found this code confusing, but it makes sense... essentially
>what it does it turn regular cfid & cftoken cookies into (what I've heard
>them called) "tasty cookies", essentially session cookies that expire when
>you close your browser.  If you set a cookie with no expires date, it ends
>on browser close.

Just a note on this:

Internet Explorer maintains multiple browser windows in the same process. 
If the user right clicks and opens a window to an off site link the cookies 
will still be there if that 'child' window comes back to the site no matter 
how many sites it has been to in between. I generally check the 
http_referer to make sure that it is from the same site as well as the 
cookies. This doesn't do much to stop a determined hacker, but it does give 
more security against accidental hacks.

spike

>HTH's.
>
>Aaron Johnson, MCSE, MCP+I
>Allaire Certified ColdFusion Developer
>MINDSEYE, Inc.
><phn>617.350.0339
><fax>617.350.8884
><icq>66172567
>[EMAIL PROTECTED]
>
>
>-----Original Message-----
>From: Jason Stiefel [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, March 15, 2001 3:23 PM
>To: Spectra-Talk
>Subject: Killing state on browser close
>
>
>I know this has been asked a million times, but I've lost my code snippet
>and can't for the life of me remember how to reliably kill cookie.cfid and
>cookie.cftoken when a browser is closed.
>
>Many thx.
>
>
>
>"A little knowledge and a bit of imagination can really make a person
>cuckoo."
>
>--- unknown
>
>Jason Stiefel
>Lead Technical Architect
>NorthPoint Domain, Inc.
>One Joy Street
>Boston, MA 02108
>(617) 603-2500
>http://www.northpointdomain.com
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/spectra_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Killing state on browser close

Reply via email to
