[thelist] Two or more sessions on same pc (coldfusion)

[Raymond Camden]

> 
> When a user first comes to the site we set up their
> session (login authentication etc), the cookie 'passes' each 
> request with the cfid and cftoken but this seems to be the 
> same on any number of sessions (browser window launches) on the 
> same PC (thus killing a session in one window kills both of 
> them). Looks like this is a limitation of using cookies.

This isn't a limitation per se, it's just how cookies work. They are
unique per machine, not browser instance. At least as far as I know.

> I was thinking of manually tracking the cfid/cftoken pair
> via urls/form submissions but this will open up
> security issues (and if people open new windows from the 
> original window (like right-clicking/open) it will retain the 
> original cfid/cftoken pair.

Well, then you are stuck. You either use cookies, or URL params. Each
has it's.... "issues." ;) I'd use URL params and just deal with the fact
that people can copy the URL.

-RC