"I'm sure it's something to do with the app running in a virtual directory"

On a related note, can you explain this, or is this applicable to your
problem?  Got a site with roughly this structure:

Root
  - sub-directory
    -- virtual directory

The root and sub-directory each have application.cfm, with the same
application name.  The virtual directory doesn't have an application.cfm
file.  The sub-directory uses session logins to prevent unauthorised
access.
The virtual directory doesn't seem to use the application.cfm of the
sub-directory (I'm guessing instead of traversing upwards through the site
for the application.cfm, it's doing it through its own folder structure
which bears no relation to the website structure).  So anyone can go to
site/sub-directory/virtual-directory/  effectively bypassing the security
placed on the sub-directory.

I'm sure there's a straightforward way round this (give each virtual
directory an application.cfm similar to that in the sub-directory).

"Mark Woods" <[EMAIL PROTECTED]e.ie>
27/07/2004 15:09
Please respond to dev

To: <[EMAIL PROTECTED]>
cc:
Subject: RE: [ cf-dev ] IE and per-session cookies

>I don't see any problems with the response you are getting.
>
>But just in case this is of any use, below is the code I normally use to
>clear sessions on browser close and it seems to work fine regardless of
>browser.
>
><cfif IsDefined( "Cookie.CFID" ) AND IsDefined( "Cookie.CFTOKEN" )>
>   <cfset localCFID = Cookie.CFID>
>   <cfset localCFTOKEN = Cookie.CFTOKEN>
>   <cfcookie name="CFID" value="#localCFID#">
>   <cfcookie name="CFTOKEN" value="#localCFTOKEN#">
></cfif>

I have tried that too, but same end result in IE. I'm sure it's something
to do with the app running in a virtual directory.

BTW, if you leave setClientCookies set to yes for the application and then
use the code snippet above, the client will receive two cfid cookies and
two cftoken cookies. This doesn't cause any problems as the latest cookie
value is the one accepted by the client - I'm just explaining why I
setClientCookies to no and use session.cfid and session.cftoken


Mark


--
These lists are syncronised with the CFDeveloper forum at
http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF provided
by activepdf.com*
      *Forums provided by fusetalk.com* :: *ProWorkFlow provided by
proworkflow.com*
           *Tutorials provided by helmguru.com* :: *Lists hosted by
gradwell.com*

To unsubscribe, e-mail: [EMAIL PROTECTED]
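
The workaround suggested at the top of this message (giving the virtual directory its own application.cfm, similar to the sub-directory's), written out as an added example that is not code from the thread. The application name `mySiteApp`, the session key `session.loggedIn` and the login URL are hypothetical; the file goes in the physical folder the virtual directory maps to.

```cfml
<!--- Application.cfm for the physical folder behind the virtual directory.
      Added example: application name, session key and login URL are assumptions. --->

<!--- Use the SAME application name as the sub-directory's application.cfm,
      so this folder shares the session scope that the login page populates. --->
<cfapplication name="mySiteApp"
               sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 20, 0)#"
               setclientcookies="yes">

<!--- Hypothetical location of the sub-directory's login page --->
<cfset loginPage = "/sub-directory/login.cfm">

<!--- Read the login flag under a session lock; a missing key counts as logged out --->
<cflock scope="session" type="readonly" timeout="5">
    <cfset isLoggedIn = StructKeyExists(session, "loggedIn") AND session.loggedIn IS true>
</cflock>

<!--- Deny by default: every .cfm request in this folder without a valid login
      is redirected. addtoken="no" keeps CFID/CFTOKEN out of the redirect URL. --->
<cfif NOT isLoggedIn>
    <cflocation url="#loginPage#" addtoken="no">
</cfif>
```

This only guards requests that ColdFusion processes; static files served from the virtual directory never trigger application.cfm and need access control at the web server.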





