Just got this from a friend... This is why you use the loginStorage="session"
If you use loginStorage="cookie", the authentication information is not kept in a persistent scope. Instead, the detailed login information is put in a memory-only cookie (CFAUTHORIZATION_applicationName) with a base64-encoded string that contains the user name, password, and application name. The client sends this cookie to the web server each time it makes a page request while the user is logged-in. If you do not use SSL for all page transactions, the user ID and password are not protected from unauthorized access. Sounds like a good reason to use the session scope _____ From: Mike G [mailto:[email protected]] Sent: Wednesday, December 02, 2009 2:06 PM To: [email protected] Subject: Re: RE: RE: [houcfug] loginStorage for apps I cant speak for adobe engineers, which is why I said "IMHO " <grin> via droid On Dec 2, 2009 2:03 PM, "Mark Davis" <[email protected]> wrote: so the reason for the best practice of making loginStorage = session instead of cookie is to account for the maybe .1% of users with cookies disabled? I suppose it could be....just doesn;t totally add up. Feel like I am missing something in this whole debate _____ From: Mike G [mailto:[email protected]] Sent: Wednesday, December 02, 2009 1:56 PM To: [email protected] Subject: Re: RE: [houcfug] loginStorage for apps All you just sent relies on cookies being enabled. There is a great new function in cf called urlse... > > On Dec 2, 2009 1:45 PM, "Mark Davis" <[email protected]> wrote: > > You *can*, but don... You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discus... -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" ... -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en -- You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en
