I cant work out why I never came across this before but can someone answer this for me? Apologies for asking an age old question thats probably been asked a million times.
This tag makes a user use a file based cookie, this means that logging in to one site in one browser window will result in the same sesison in a completely new instance of the browser. <cfapplication Name="#cgi.http_host#46" ClientManagement="Yes" SessionManagement="Yes" SetClientCookies="Yes" sessiontimeout="#CreateTimeSpan(0,2,0,0)#" ApplicationTimeout="#CreateTimeSpan(0,2,0,0)#" > The following combination of cfapplication and cfcookie makes an in memory cookie. this means you can log in to site x in 2 different browsers with 2 different logins and maintain 2 different sessions on the same site. <cfapplication Name="#cgi.http_host#46" ClientManagement="Yes" SessionManagement="Yes" sessiontimeout="#CreateTimeSpan(0,2,0,0)#" ApplicationTimeout="#CreateTimeSpan(0,2,0,0)#" ClientStorage="red5_client_vars"> <cfcookie name="cfid" value="#Client.cfid#"> <cfcookie name="cftoken" value="#Client.cftoken#"> Firstly - whats the protocol as far as security here? Whats the general consensus - do y'all do the former or the latter? Does it depend on the application? Secondly - this has obvious testing advantages - i.e. being able to log in as 2 different user levels on the same site and flick to make sure things behave right. Thirdly - Can you do session only cookies without using the separate cfcookie tag? Thanks all! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaussie@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en -~----------~----~----~----~------~----~------~--~---