and CFToken into the URL, or you use j2ee session management.
--
Marlon Moyer, Sr. Internet Developer
American Contractors Insurance Group
phone: 972.687.9445
fax: 972.687.0607
mailto:[EMAIL PROTECTED]
www.acig.com
> -----Original Message-----
> From: Greg Landers [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 03, 2004 10:32 PM
> To: CF-Talk
> Subject: User Authentication
>
> These are probably dumb questions and think I know the answers, but I
need
> affirmation from my peers.
>
> Which is considered a better practice: storing user variables like
> customerID and customerIsAuthorized in a locked session scope; or,
simply
> set cookies on the user's machine?
>
> Will using the session scope greatly reduce the portability of the
> application? In other words, is it common to find hosts or individuals
> running CF server with the session variables disabled in the CF
> administrator?
>
> Likewise, I know that a small percentage of the people using the
Internet
> have their privacy settings set very tight - making cookies not the
best
> practice to use when it comes to application functionality.
>
> Setting cookies makes for more portable code - at the risk of
sacraficing
> functionality, and using session variables risks losing portablility
while
> ensuring that the application functions for every user.
>
> Any thoughts and/or advice will be greatly appreciated.
>
> - Greg
>
>
>
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
