Because the web is "stateless", each http request is independent of the
previous ones. So the web server (any web server, not just CF) needs a way
to establish that multiple http requests belong to the same user.
Therefore, session state needs to be maintained either by setting cookies
or by passing a unique ID in URL variables.
In Cold Fusion SESSION management, the temporary cookie only contains CFID
and CFToken, values that mean nothing except to the Cold Fusion server that
set them, having them stolen is less of a security risk than setting
discrete cookies with user specific information.
Sharon
At 12:44 PM 5/16/2000 -0700, paul smith wrote:
>Nope. You only need session vars
>to maintain a session state.
>You need to set cookies on your
>visitor's 'puter if you want them
>to be able to login automagically.
>
>best, paul
>
>At 03:04 PM 5/16/00 -0400, you wrote:
>>I thought cookies had to be enabled for session scoping to work?
>
>---------------------------------------------------------------------------
---
>Archives: http://www.eGroups.com/list/cf-talk
>To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
>
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
