If you are not using client scope, just setting J2EE session ON, should do the trick. You shouldn't have to do the manual cookie setting described. I think you understand this, but just in case the session will time-out only after the session has been idle for the allotted session timespan. If the user is active (continued requests), it won't timeout until either the browser has been closed/session logged-out, or a period of inactivity greater than or equal to your session time-out timespan. Hopefully I've got that right.
> The only issue I have now is, say one hits the site, navigates for a while > and does not close the browser, clicks on a link on the site after 5 hrs, it > still reuses the old cfid and cftoken values, even after the session expired > long back. Is there anyway we can force it to recreate these values for the > new session?? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:302903 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
