Thanks Justin and Ramon, I figured it was something along these lines. It's good to know about that little checkbox for memory space ;-)
This app doesn't timeout, and there could be sessin hijacking with persistent cookies...so I just take away the possibility ;-) Cheers Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] --------------------------------------------------------- Macromedia Associate Partner www.macromedia.com --------------------------------------------------------- Vancouver Island ColdFusion Users Group Founder & Director www.cfug-vancouverisland.com ----- Original Message ----- From: "Buckland, Ramon" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, April 02, 2003 3:55 PM Subject: RE: Cookies and browser launch methods > Bryan, > > The tricky detail in your scenario is the non-persistent > cookie. (See note at bottom for details on persistant/non persist cookies) > > > Now, when you launch a New browser via CTRL+N, it gets > a copy of ALL the vars in memory at that time from the original > (including your non persistant cookie). > > However, when you launch a new browser via the link, it will > open up a new instance in it's own memory space and thus does > not have the cookie existing. > > The reason for the 'Taskbar' 2nd browser not running in the same memory > space as the first two is probably due to the little > tick box on the shortcut which says 'Run in seperate memory space'. > (Win2k, if it's not Win2k .. then ask Microsoft :-) > > If we wanted a web application to be able to > have mulitple logins from the same workstation, I would > use a seperate cookie name. > > <side note> > As you know, when the cookie is persistent, it is stored on disk, > for all and any instances of that browser to see. > > So if you closed > a browser (and the cookie didn't expire, and the session didn't expire) > and opened a new browser within the session/cookie timeframe, then > you will of course get the existing session. > </side note> > > hope that helps, I may be off is some places (all ?) but > from what i can tell and my experience this fits the bill. > > cheers > Ramon Buckland > > > -----Original Message----- > > From: Bryan Stevenson [mailto:[EMAIL PROTECTED] > > Sent: Thursday, 3 April 2003 8:53 AM > > To: CF-Talk > > Subject: Cookies and browser launch methods > > > > > > Hey All, > > > > I've just bumped into a situation I haven't seen before and > > am wondering if > > anyone can explain why this happens. > > > > The Situation: > > A site that uses a sessions table in the DB and stores the > > session ID in a > > non-persistent cookie once the user logs in. The site is > > colour coded based > > on the user's group. If I open a browser and login as a user > > of group A and > > then use CTRL+N to launch a new window and login as a user of > > group B, the > > second login logs me in as the first user. Now that's not > > odd, because the > > cookie's name is the same no matter what user group, so what > > happens when I > > log in as the second user is the security routine is bypassed > > (because the > > cookie already exists from the first user login) and the app > > continues as if > > the first user was logged in. > > > > Now for the weirdness. If I do the same as above EXCEPT I > > don't use CTRL+N > > to open a new window....I use the IE icon in my taskbar. > > When I do that and > > log in, I do get logged in as a user of group B (different > > colour scheme > > shows). > > > > So what is the difference where cookies are concerned when > > launching a new > > window via CTRL+N or from the taskbar? Clearly there is some sort of > > seperation when launching from the taskbar, so if anyone can > > explain it (and > > provide a solution) that would be great. > > > > I could of course have different cookie names for different > > user groups > > (which I may do anyway), but I'd really like to understand > > what's going on. > > > > BTW this has happened in IE 5.5 and 6 > > > > TIA > > > > Cheers > > > > Bryan Stevenson B.Comm. > > VP & Director of E-Commerce Development > > Electric Edge Systems Group Inc. > > t. 250.920.8830 > > e. [EMAIL PROTECTED] > > > > --------------------------------------------------------- > > Macromedia Associate Partner > > www.macromedia.com > > --------------------------------------------------------- > > Vancouver Island ColdFusion Users Group > > Founder & Director > > www.cfug-vancouverisland.com > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
