I have this site which is pointed at by several URL's ie www.aaa.com, www.bbb.com Etc.
I want to have users log in only once in any of the sites and then be able to freely switch between sites in a logged-in state. The application name is the same for all. The client can have access to the same client vars on the server if the CFID & CFTOKEN in any URL's or forms which switch between sites (ie is setting cookies pointing to the same CFID & CFTOKEN for each site) Is this a really bad idea? I can think of one serious inherent risk: copying url's with CFID & CFTOKEN in them and sending them to friends. This can be alleviated with client vars like aaaVisitedOnce = true/false, bbbVisitedOnce = true/false etc with the default false, but once true (ie after first ever visit) the cookie is set for that site so the CFID & CFTOKEN no longer needs to be passed in URL's (or forms) so the risk is reduced to only when the user has never visited the other site. or perhaps a more solid approach would be if any of my client.xxxVisitedOnce vars were false then I could include a hidden frame in the page calling a very small page from that site with the CFID & CFTOKEN so cookies get set on all "false" sites invisibly. It's the principle of sharing one CFID & CFTOKEN between many sites which I am wondering about though.... -- Regards; Richard Meredith-Hardy ------------------------------------------------------------- [EMAIL PROTECTED] Mob: + 44 7771 526513 ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists