Cookies are normally saved to the client's hard drive in a text file. To ensure that a user's session ends when they close their browser, save the cfid and cftoken values as per-session cookies instead. Per-session cookies aren't written as a text file to the user's computer; they are stored in memory and are deleted when the browser is closed. If a new browser window is opened and the user revisits the same ColdFusion web site, the cfid and cftoken values that previously identified them no longer exist, so ColdFusion creates a new session for that user.
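<!--- Turn off ColdFusion's automatic cfid/cftoken cookies so they can be set manually below --->
<cfapplication
    name="myapp"
    sessionmanagement="Yes"
    setclientcookies="No">

<!--- No expires attribute on cfcookie: the browser keeps these as per-session cookies --->
<cfif not IsDefined("cookie.cfid")>
    <cflock scope="session" type="readonly" timeout="5">
        <cfcookie name="cfid" value="#session.cfid#">
        <cfcookie name="cftoken" value="#session.cftoken#">
    </cflock>
</cfif>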
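To confirm the change took effect, inspect the Set-Cookie headers the site returns: a per-session cookie carries neither Expires nor Max-Age. The Python check below is an added example, not part of the original post or of ColdFusion; the function names and the sample header values are constructed for illustration.

```python
# Added example: classify cfid/cftoken Set-Cookie headers as per-session or persistent.
SESSION_ID_COOKIES = {"cfid", "cftoken"}  # names from the page, compared case-insensitively


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def is_persistent(attrs):
    """Expires or Max-Age makes the browser persist the cookie; neither means per-session."""
    return "expires" in attrs or "max-age" in attrs


def audit_headers(set_cookie_values):
    """Return {cookie_name_lower: 'persistent' | 'per-session'} for cfid/cftoken only."""
    findings = {}
    for raw in set_cookie_values:
        name, _, attrs = parse_set_cookie(raw)
        if name.lower() in SESSION_ID_COOKIES:
            findings[name.lower()] = "persistent" if is_persistent(attrs) else "per-session"
    return findings


# Constructed sample responses (not captured from a real server).
DEFAULT_COOKIES = [
    "CFID=1234; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/",
    "CFTOKEN=56789012; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/",
    "THEME=dark; Max-Age=3600; path=/",
]
PER_SESSION_COOKIES = [
    "CFID=1234; path=/",
    "CFTOKEN=56789012; path=/",
]

if __name__ == "__main__":
    for label, headers in (("default", DEFAULT_COOKIES), ("per-session", PER_SESSION_COOKIES)):
        print(label, audit_headers(headers))
```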
Reference: http://kb2.adobe.com/cps/179/tn_17915.html
http://www.thenetprofits.co.uk/coldfusion/faq/topic.cfm
http://www.adobe.com/devnet/coldfusion/articles/dev_security/coldfusion_security_cf8.pdf
I want to accomplish the opposite, how do I do it?
I want the TOKEN and ID to remain after the user closes the browser so that when he revisits the page I can use #session.UsersInfo# and it knows his old info