> 1. Set "Use UUID for CFTOKEN" (or is it CFID?) in the admin. > 2. Set "Use J2EE Session Variables" in the admin. > > Take advantage of the underlying session machinery.
If you do both of these, only one will have any effect. Using J2EE session variables will cause CF to create a single state-management cookie, JSESSIONID, instead of two, CFID and CFTOKEN. Also, you may run into an issue with J2EE session variables, if you're also using IIS, that will cause problems with CFLOCATION redirecting to non-CF URLs on the same server. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
