MorganGreylock
Programmer
Ok folks, I've really confused myself here. I've got a site
that uses session variables to keep track of who is logged
in for various purposes. People can update their own info,
submit requests for various things, etc. My problem is that
it seems that my session variables are persisting through
browser closes. I close all instances of my browser, and
I can go to an otherwise secure (requiring login) page because
the session variable it is looking for still exists even
though I closed the browser.
I'm confused on domain cookies, client cookies, etc., and
how to use them. I had some of them turned on for a while, but here is what my application.cfm looks like now:
<cfapplication name="testapp"
clientmanagement="yes"
sessionmanagement="yes"
setclientcookies="yes"
setdomaincookies="no"
sessiontimeout="#CreateTimeSpan(0,1,0,0)#"
applicationtimeout="#CreateTimeSpan(1,0,0,0)#"
clientstorage="cookie">
To be honest, I'm hazy on the difference between client
and session. I want people to be able to log in from anywhere, not caring what computer they are using. (I assume that's what client management is, so should I turn that off?)
I would use a logout feature, but I'm sure none (or very
few) of our users would actually use it. They do, however,
close their browsers when they are finished, as that has
been beaten into their heads for years.
Any help is appreciated,
MG