I receive questions from time-to-time from folks reading my blog entries or working through my tutorials and typically these don't wind up as blog posts themselves. But they should. And to help with my goal of increasing my blog post count for 2009 I'm going to start blogging these more. Since everyone is doing the "Ask Bob" thing I thought I'd veer from the norm and put these types of posts into a new category called Aaron Answers. To begin the category of posts here's a few questions from Irv concerning my ColdFusion 7 Secure Login tutorial.

Continue Reading

Aaron West's Gravatar
About this post:

This entry was posted by Aaron West on January 7, 2009 at 2:00 PM. It was filed in the following categories: ColdFusion, Aaron Answers, Ajax. It has been viewed 6386 times and has 4 comments.

4 Responses to Aaron Answers: Secure login tutorial and jsessions

  1. Using J2EE sessions does cause the session to end when the browser is closed, because it uses a session cookie (that's session in the browser sense, not the CF sense) as opposed to a persistent cookie with an explicit expiration time/date.

    You can also easily add code to handle the cookies differently so the session is terminated when the browser closes even if you don't use J2EE sessions.

  2. @Matt - Thanks for the comment on the inner workings of J2EE sessions. As far as your last sentence goes, can you provide some examples that might help folks reading this entry?

    I've personally never dealt with any server-side code that tried to clear/expire a session when the browser was closed. I believe the persists attribute of CFCOOKIE is designed to control this behavior though.

  3. This does the trick (use in OnRequestStart() in Application.cfc, or in Application.cfm):
    <cfif StructKeyExists(session, "cfid") AND (NOT StructKeyExists(cookie, "cfid") OR NOT StructKeyExists(cookie, "cftoken"))>
    <cfcookie name="cfid" value="#session.cfid#" />
    <cfcookie name="cftoken" value="#session.cftoken#" />

  4. Very cool, super simple. Makes perfect sense. Thanks Matt.