> Client.userId=123456
>
> Now, the user has no way to change that... Now, let's
> say I store it in the cookie...


If your site is running on any kind of traffic, you should probably be using session variables for this kind of thing anyway.

> <Cfcookie name="userId" value="123456">
>
> Now, the user can examine their cookies and know their
> userid. Worse, they can change the userid, and be
> logged in as a different user.

Using an ID in a cookie in combination with something else, like a unique session hash cookie that changes upon login and gets checked against the database on every page load, you would be okay. Session variables are still more efficient in most cases though.

-Justin Scott
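
The userId-plus-session-hash check described in the reply above, as an added example that is not part of the original thread. It is a Python sketch rather than CFML; the in-memory table, the cookie name `sessionHash` and the functions `login`, `authenticate` and `logout` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed in-memory table standing in for the site's user database.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE sessions (user_id INTEGER PRIMARY KEY, token_sha256 TEXT NOT NULL)")


def _digest(token: str) -> str:
    # Store only a hash so a leaked table does not yield usable cookie values.
    return hashlib.sha256(token.encode()).hexdigest()


def login(user_id: int) -> dict:
    """Issue a fresh random token on every login, replacing any previous one."""
    token = secrets.token_urlsafe(32)
    db.execute("INSERT OR REPLACE INTO sessions (user_id, token_sha256) VALUES (?, ?)",
               (user_id, _digest(token)))
    return {"userId": str(user_id), "sessionHash": token}  # the two cookie values


def authenticate(cookies: dict):
    """Run on every page load; return the user id, or None if the pair does not match."""
    try:
        user_id = int(cookies.get("userId", ""))
    except (TypeError, ValueError):
        return None
    row = db.execute("SELECT token_sha256 FROM sessions WHERE user_id = ?",
                     (user_id,)).fetchone()
    presented = _digest(str(cookies.get("sessionHash", "")))
    # Constant-time comparison of the stored and presented digests.
    if row is None or not hmac.compare_digest(row[0], presented):
        return None
    return user_id


def logout(user_id: int) -> None:
    db.execute("DELETE FROM sessions WHERE user_id = ?", (user_id,))


if __name__ == "__main__":
    cookies = login(123456)
    print(authenticate(cookies))                            # matching pair
    print(authenticate(dict(cookies, userId="654321")))     # edited userId only
```

Because the token is looked up by the claimed user ID, editing only the `userId` cookie no longer selects a different account, and a new login invalidates the previously issued token.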