I have been programming in CF for about a year now and am still confused
about the whole CFID & CFTOKEN thing. Most of what I have done involves
internal corporate reporting, so I already have a user database with UserIDs
that I use to recognize the user. Therefore I've had little need for CF
generated IDs.
I understand the basic concept CFID & CFTOKEN (please correct any flawed
thinking):
1. Assign a unique CFID & CFTOKEN pair to a new web user.
2. Either store them as cookies, a database or pass them from page to page
via the URL string to identify the user.
Maybe I'm off base, but I see a number of potential problems/issues:
1. If you have a login in your app, your users will not use the CFID to
login, but rather a UserName/UserID of some sort. If that is the case why
duplicate the identifying info by maintaining both a UserName/UserID and a
CFID?
2. I the user logs in from a different computer, s/he will be assigned a new
CFID & CFTOKEN, correct? How does that serve to identify the user? Having a
basic login with a chosen userid (one they can hopefully remember, "smithj",
rather than CFID=23451) seems to do the trick just fine.
I guess my main question is "if" you have to maintain a separate UserID from
CFID & CFTOKEN, why use them at all. If you don't need to maintain a
separate UserID, How would you log a user into an application? with their
CFID?
Just a bit confused about how this fits together. Any clarification would be
great?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
