Our customer has discovered the CFID & CFTOKEN cookies, again, and gotten upset, 
again.  We're being gigged on "persistent cookies" and how there's not supposed to be 
any tracking going on.

Besides the obvious bit about CFID & CFTOKEN not being anti-privacy tracking 
information, I thought I'd try session cookies (expiring at the end of the browser 
session).

So I set setclientcookies to no, and used the client CFID & CFTOKEN vars to set my own 
cookies that expire at the end of the session (see code below).

This seems simple and robust - anyone have any comments or concerns?

thanks,
Chris Norloff
Dangerous Persistent-Cookie-Setter


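<!--- setclientcookies="No" stops ColdFusion from writing its own CFID/CFTOKEN cookies --->
<cfapplication name="applicationname"
        sessionmanagement="Yes"
        sessiontimeout="#CreateTimeSpan(2,0,0,0)#"
        applicationtimeout="#CreateTimeSpan(1,0,0,0)#"
        setclientcookies="No"
        clientmanagement="Yes"
>
<!--- No expires attribute, so each cookie lasts only until the browser closes --->
<cfcookie name="CFID" value="#client.CFID#">
<cfcookie name="CFTOKEN" value="#client.CFTOKEN#">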
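
One way to confirm the result from outside the application, as an added example that is not part of the original post: a small Python check that reads the Set-Cookie headers of a response and reports whether CFID and CFTOKEN are session or persistent cookies. The function names and the sample header values are constructed for illustration.

```python
# Added example: classify CFID/CFTOKEN in Set-Cookie headers as session or persistent.
TRACKED = ("CFID", "CFTOKEN")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); attribute names are lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit(headers, tracked=TRACKED):
    """Return {cookie name: 'session' | 'persistent' | 'missing'} for the tracked cookies.

    A cookie is reported as persistent if any header that sets it carries an
    Expires or Max-Age attribute, so a duplicate persistent copy is not hidden
    by a session copy of the same name.
    """
    result = {name.upper(): "missing" for name in tracked}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        key = name.upper()  # compare case-insensitively
        if key not in result:
            continue
        if "expires" in attrs or "max-age" in attrs:
            result[key] = "persistent"
        elif result[key] == "missing":
            result[key] = "session"
    return result


# Constructed sample headers (not captured from a real server).
SESSION_ONLY = ["CFID=1201; path=/", "CFTOKEN=55512345; path=/"]
WITH_EXPIRY = [
    "CFID=1201; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/",
    "CFTOKEN=55512345; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/",
]

if __name__ == "__main__":
    print(audit(SESSION_ONLY))
    print(audit(WITH_EXPIRY))
```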