[thelist] cold fusion cookie question

.jeff jeff at members.evolt.org
Tue Jul 24 16:14:39 CDT 2001


rudy,

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: From: rudy
:
: also, somebody please tell me is there any
: serious downside to handling user session
: management using only url variables, as in
:
:    foo.cfm?CFID=123456&CFTOKEN=12345678
:
: (other than, of course, it being butt ugly)
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sure, a user can send a url to a friend causing the friend to become part of
the same session.

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: naturally, i'm not worried about urls like
: this getting indexed in search engines, because
: they would never hit the login script and get
: the cfid/cftoken assigned, right?
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

that would depend on how you have your site set up.  if you've got it set up
to append the url tokens immediately, then yes, the search engine would get
them.  however, if you set up the site to only append them to the url when
needed (i.e., after login) then search engines would never see them (since
they don't submit forms).

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: cookies sounded so neat, until today
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

if it's to maintain a session, then why not just let the cf server handle
setting them for you?  enable session variables in your <cfapplication> tag
and enable session cookies.

<cfapplication
 name="rudyca"
 sessionmanagement="Yes"
 setclientcookies="Yes"
 sessiontimeout="#CreateTimeSpan(0,2,0,0)#"
>

good luck,

.jeff

http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/
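
Added example, not part of the original post: one way to check an access log for the two risks discussed above, a CFID/CFTOKEN pair in a URL being used from more than one client address, and token-bearing URLs being served to crawlers. The log lines, the combined log format, and the crawler user-agent pattern are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Jul/2001:16:01:02 -0500] "GET /foo.cfm?CFID=123456&CFTOKEN=12345678 HTTP/1.0" 200 5120 "-" "Mozilla/4.7"
192.0.2.10 - - [24/Jul/2001:16:02:10 -0500] "GET /account.cfm?cfid=123456&cftoken=12345678 HTTP/1.0" 200 2048 "-" "Mozilla/4.7"
198.51.100.7 - - [24/Jul/2001:16:09:44 -0500] "GET /foo.cfm?CFID=123456&CFTOKEN=12345678 HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"
203.0.113.5 - - [24/Jul/2001:16:11:00 -0500] "GET /index.cfm?CFID=777&CFTOKEN=42424242 HTTP/1.0" 200 900 "-" "Googlebot/2.1"
192.0.2.33 - - [24/Jul/2001:16:12:00 -0500] "GET /index.cfm HTTP/1.0" 200 900 "-" "Mozilla/4.7"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
CRAWLER_RE = re.compile(r"bot|crawl|spider|slurp", re.I)  # assumed heuristic

def session_token(url):
    """Return (CFID, CFTOKEN) from a URL's query string, or None."""
    qs = {k.lower(): v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "cfid" in qs and "cftoken" in qs:
        return qs["cfid"], qs["cftoken"]
    return None

def audit(log_text):
    """Return (tokens seen from >1 client IP, tokens handed to crawlers)."""
    clients = defaultdict(set)
    crawled = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, url, agent = m.groups()
        token = session_token(url)
        if token is None:
            continue  # request carried no session identifiers in the URL
        clients[token].add(ip)
        if CRAWLER_RE.search(agent):
            crawled.add(token)
    shared = {t: sorted(ips) for t, ips in clients.items() if len(ips) > 1}
    return shared, crawled

if __name__ == "__main__":
    shared, crawled = audit(SAMPLE_LOG)
    for (cfid, _), ips in shared.items():
        print(f"CFID={cfid} used from {len(ips)} addresses: {', '.join(ips)}")
    for cfid, _ in crawled:
        print(f"CFID={cfid} was served in a URL to a crawler")
```

A token seen from several addresses is a lead to review, not proof of sharing, since proxies and NAT can change a single user's address mid-session.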





