[thelist] CF: cflocation/cfcookie workaround

Rory.Plaire at wahchang.com Rory.Plaire at wahchang.com
Mon Nov 26 10:40:50 CST 2001


+| <!--- Delete the cookies --->
+|     <cfcookie name="CFID" value="value" expires="now">
+|     <cfcookie name="CFTOKEN" value="value" expires="now">
+| 
+| <!--- Add a meta refresh to the head --->
+|     <cfhtmlhead text='<meta http-equiv="refresh" 
+| content="0;TheNewPage.html">'>
+| 
+| 
+| This strikes me as one big-ass mother of a kludge. I still welcome 
+| alternative/better solutions.

Frank,

I think that this is a kludge that has some merit. A 302 header, which is
what the cflocation does, basically tells the browser, we're sorry, but the
number you have dialed has been changed, the new number is ... . The
browser, apparently without missing much more than a few clock ticks,
redirects to the new location. Sending the headers, therefore, may result in
inaccurate data, or in some conceivable circumstance a security hole. Why
not just chuck them? This is what CF does. (I wonder if other servers do it
too, since a lot of times, especially at MS sites, there are zero-time
redirs -- indicating either a 302 or a 0 second meta refresh. Could be
similar cookie setting going on...)

I use the meta tag as a solution... since I can't think of a browser which
doesn't comply with it (though now someone will likely shake me out of my
comfortable little fantasy world 8). It works. Another solution would be to
redesign the site to not do a cflocation and set cookies at the same time...
like a splash or intro page which sets the cookies and also lets the user
get down to business with a click.

<rory disposition="if you want to sleep well at night, don't sleep in your
car" alt="8)">




More information about the thelist mailing list