<!--- Use the following code to set per-session cookies instead of persistent cookies (ColdFusion TechNote 17915) --->
<cfapplication name="theAppName" sessionmanagement="YES" setclientcookies="NO" clientmanagement="NO" sessiontimeout="#CreateTimeSpan(0,0,20,0)#">
<cflock timeout="5" throwontimeout="no" type="readonly" scope="session">
<cfcookie name="CFID" value="#SESSION.CFID#">
<cfcookie name="CFTOKEN" value="#SESSION.CFTOKEN#">
</cflock>
-----Original Message-----
From: Greg Landers [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 03, 2004 11:32 PM
To: CF-Talk
Subject: User Authentication
These are probably dumb questions and think I know the answers, but I need affirmation from my peers.
Which is considered a better practice: storing user variables like customerID and customerIsAuthorized in a locked session scope; or, simply set cookies on the user's machine?
Will using the session scope greatly reduce the portability of the application? In other words, is it common to find hosts or individuals running CF server with the session variables disabled in the CF administrator?
Likewise, I know that a small percentage of the people using the Internet have their privacy settings set very tight - making cookies not the best practice to use when it comes to application functionality.
Setting cookies makes for more portable code - at the risk of sacraficing functionality, and using session variables risks losing portablility while ensuring that the application functions for every user.
Any thoughts and/or advice will be greatly appreciated.
- Greg
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
