I have different problem regarding Reconnecting Session.
If user gives valid password then I should reconnect
session and restore values of variable.
Is there any way to do it?
Thanks in Advance.
-----Original Message-----
From: Allen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday, April 16, 2000 12:26 AM
Subject: Re: Am I Missing Something?
>Aren't there some security issues involved in passing the CFID & CFTOKEN in
>the URL? It's been awhile now, but I recall one of my co-workers playing
>with bookmarking pages, etc. and being able to get in without using the
>username / password. My memory is a bit fuzzy on this one, though.
>
>-Allen
>
>----- Original Message -----
>From: Byron M <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, April 13, 2000 11:55 PM
>Subject: RE: Am I Missing Something?
>
>
>> Basically that is correct, you could do it with vars stored in a db, but
>you
>> would still have to add some sort of id to the URL.
>>
>> We started to put #session.URLToken# to the end of all URL's this
variable
>> adds cfid=9394&cftoken=85904830 to the URL.
>>
>> I just thought of this. If you have session variables that are
>initialized
>> with each session in say an Application.cfm file and users have cookies
>> turned off then you are initializing session vars for every page hit for
>> that user, and the old ones have to wait to timeout. So in actuality you
>> will be saving all so precious server resources by passing the id and
>token
>> to every page, which should in turn win you the admiration of your peers
>and
>> a huge raise because those processor and memory upgrade dollars could be
>> used elsewhere. :)
>>
>>
>> -----Original Message-----
>> From: Eric Dawson [mailto:[EMAIL PROTECTED]]
>> Sent: Thursday, April 13, 2000 11:38 PM
>> To: [EMAIL PROTECTED]
>> Subject: Re: Am I Missing Something?
>>
>>
>> as far as I know the only way to pass a session from page to page is
>either
>> through a cookie or a url variable. If cookies are turned off you need to
>> manually code the CFID and CFTOKEN variables to the URL to ensure you
pass
>> them from page to page.
>>
>> Please correct me if I am wrong.
>>
>> Eric
>>
>> From: Kelly Matthews <[EMAIL PROTECTED]>
>> Reply-To: [EMAIL PROTECTED]
>> To: "'[EMAIL PROTECTED] '" <[EMAIL PROTECTED]>
>> Subject: Am I Missing Something?
>> Date: Thu, 13 Apr 2000 21:26:31 -0400
>>
>> Ok I am somewhat new to CF but something doesn't seem to be right.
>> I have a section of our site that is secure, for members only. I
>> have written the app to write a cookie so they don't have to login in the
>> future. That part works fine.
>>
>> Now I just wanted to see what happened if someone had cookies turned off,
>> and of course even you can log in but the minute you try to go to a 2nd
>page
>> it loops back to the log in.
>>
>> Now before I implemented the cookies I did have session management on set
>to
>> about 30 minutes, which is still on, so people wouldnt have to relog in,
>> that worked fine. But with cookies off session management stops working
>too.
>> Does session management work only with cookies?
>>
>> I tried something else, turned client management on, and used a database
>for
>> clientstorage, instead of the registry or cookies, just to test it out,
>but
>> that didn't keep them logged in either. I must be missing something but
>isnt
>> there a way to open and maintain a session without cookies? I changed
>> setclientcookies to "no" but as long as my browser cookies are off I
still
>> can't get in.
>>
>> Point is they get logged in and get to the first page after the login
page
>> but if they try to go anywhere else they get kicked back to the login
>page,
>> which from the app.cfm below leads me to beleive its
>> not setting Session.Loggedin, and the only difference is that I turned my
>> browser cookies off. Guess I just want to find out if Session.Loggedin
>HAS
>> to be set in a cookie or somewhere can i define it to be set a different
>> way. The client variables were however writing to the datasource with no
>> problem.
>>
>> Any help would be appreciated.
>> Below is my Application.cfm
>> I have tried all 3 client storage methods.
>> and with setclientcookies on and off.
>>
>> <cfapplication name="Members"
>> CLIENTSTORAGE="Clients"
>> clientmanagement="Yes"
>> sessionmanagement="Yes"
>> setclientcookies="NO"
>> sessiontimeout="#CreateTimeSpan(0,0,30,0)#">
>>
>> <CFIF NOT IsDefined("Session.LoggedIn")>
>> <CFLOCATION URL="login/login.cfm">
>> <CFELSEIF Session.loggedin IS "0">
>> <CFLOCATION URL="login/login.cfm">
>> </cfif>
>>
>>
>> -------------------------------------------------------------------------
-
>--
>> --
>> Archives: http://www.eGroups.com/list/cf-talk
>> To Unsubscribe visit
>> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk
or
>> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
>> the body.
>>
>> ______________________________________________________
>> Get Your Private, Free Email at http://www.hotmail.com
>>
>> -------------------------------------------------------------------------
-
>--
>> --
>> Archives: http://www.eGroups.com/list/cf-talk
>> To Unsubscribe visit
>> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk
or
>> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
>> the body.
>>
>>
>> -------------------------------------------------------------------------
-
>----
>> Archives: http://www.eGroups.com/list/cf-talk
>> To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
>send a message to [EMAIL PROTECTED] with 'unsubscribe' in
>the body.
>
>---------------------------------------------------------------------------
---
>Archives: http://www.eGroups.com/list/cf-talk
>To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
