The reason this doesn't happen with CF cookies out of the box is that
they are not session cookies, therefore they are persisted to disk,
accessible to all MSIE processes.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"I have always strenuously supported the right of every man to his
own opinion, however different that opinion might be to mine. He who
denies another this right makes a slave of himself to his present
opinion, because he precludes himself the right of changing it."
-- Thomas Paine, 1783
On Aug 29, 2007, at 1:23 PM, Dean H. Saxe wrote:
Uh... that's a browser implementation not a problem with CF or the
state maintenance mechanism. Specifically, MSIE can open windows
in different processes, when this happens the memory resident
cookies (session cookies) do not get shared between browser
instances. This is configurable on Windows boxes.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"Great spirits have often encountered violent opposition from weak
minds."
--Einstein
On Aug 29, 2007, at 1:18 PM, <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> wrote:
There are SOME situations where they can be a problem..if you have
a single sign on type of interface for several applications and
users can open new browser windows and *expect* to be able to go
directly to another one of their secured apps, the sessions won't
exist in the new browser and may cause problems. I'm sure there
are workarounds, but I thought I'd throw that out there. The J2EE
sessions are browser specific so opening a fresh browser will
essentially disassociate the CF session with the new browser window.
Allen
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dean H.
Saxe
Sent: Wednesday, August 29, 2007 1:12 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Session variables
The J2EE session tokens have more entropy, which is always a good
thing. I too see no reason to use the old ones.
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"Dissent is the purest form of patriotism."
--Thomas Jefferson
On Aug 29, 2007, at 12:55 PM, shawn gorrell wrote:
I guess I don't know why anyone would use the old session variables
anymore. I always use the J2EE session variables instead. Maybe
someone can enlighten me to the any benefits or trade-offs of
either choice.
----- Original Message ----
From: Charlie Arehart <[EMAIL PROTECTED]>
To: discussion@acfug.org
Sent: Wednesday, August 29, 2007 11:51:46 AM
Subject: RE: [ACFUG Discuss] Session variables
Just to clarify, this isn't something you can do at the application
level in CF8. I was under the impression myself for a while that we
could do pretty much everything at the app level now, but it's just
mappings and custom tag paths. Perhaps in a later release. :-)
So, no, the J2EE sessions mechanism is a one for all and all for
one sort of thing (unless of course one runs on Enterprise and
creates another instance).
/charlie
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas
Knudsen
Sent: Wednesday, August 29, 2007 9:30 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Session variables
well...if your on CF8 I believe you can set this at the application
level. Aside from that, what is breaking? In the past I had
several apps running on a server with standard cf session vars and
turned 'use J2EE session vars' on without incident.
DK
On 8/29/07, Fennell, Mark P. <[EMAIL PROTECTED]> wrote: Greetings,
Is is possible to use J2EE session variables in one CFApplication
and
standard session variables in another?
I have a server that is running two cfapplications and one uses J2EE
variables and seems to not work so well when J2EE Sess Vars is
disabled
in cf admin. The other applications totally breaks if I have J2EE
enabled. I was hoping that, before I set about actually fixing the
problem with code that there might be some setting in the
cfapplication
tag that I can use to enable/disable j2ee vars for a specific
application... I'm completely prepared to recode, I just wanted to
check
and see if anyone had an easy way out. Thanks.
mf
-------------------------------------------------------------
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?falogin.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?
-------------------------------------------------------------
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
-------------------------------------------------------------
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
-------------------------------------------------------------
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
-------------------------------------------------------------
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
-------------------------------------------------------------
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
-------------------------------------------------------------
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @http://
www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
-------------------------------------------------------------
Annual Sponsor FigLeaf Software - http://www.figleaf.com
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
