Our customer has discovered the CFID & CFTOKEN cookies, again, and gotten upset, again. We're being gigged on "persistent cookies" and how there's not supposed to be any tracking going on.
Besides the obvious bit about CFID & CFTOKEN not being anti-privacy tracking information, I thought I'd try session cookies (expiring at the end of the browser session). So I set setclientcookies to no, and used the client CFID & CFTOKEN vars to set my own cookies that expire at the end of the session (see code below). This seems simple and robust - anyone have any comments or concerns? thanks, Chris Norloff Dangerous Persistent-Cookie-Setter <cfapplication name="applicationname" sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(2,0,0,0)#" applicationtimeout="#CreateTimeSpan(1,0,0,0)#" setclientcookies="No" clientmanagement="Yes" > <cfcookie name="CFID" value="#client.CFID#"> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists