I'm writing an app that uses the CLIENT scope for state management. When somebody logs in, there are some "client" variables that are set like CLIENT.firstName and CLIENT.lastName.
The problem is that even if the end user quits the browser after being logged in and comes back to the site 10 minutes later, the user is still logged in from before. I realize that you can set a timeout on client variables, but that is stupid. The CFTOKEN and CFID need to go away when the browser closes - just it it does on any other website I can think of. How can I tell CF to set the CFID and CFTOKEN cookies as 'session' cookies, meaning that they are gone when the browser instance quits? It doesn't make any since for people to still be logged in after they quit the browser and it poses a mild security risk for what I'm trying to do. I can think of some annoying work arounds but I can't think of any elegant solutions for this problem. Thanks, Jon ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting.