Browser closing ends session trick not working

Status
Not open for further replies.

neofactor

Technical User
Jul 30, 2000
194
US
We have set up ColdFusion to use Client variables for security. Stored in the Database.

We want the Client session to end when they close their browser. So... we added that clever trick in the application page that resets the CFID every time a page is called.

This doesn't seem to work! It worked for me in a demo site, but in our live site, it lets the user go to the page without logging in, if their session is still alive.

This is a huge problem in that we share workstations.

My boss is coming down hard, and I have no idea what the heck is wrong with it. It just keeps that CFID the same even after a restart!

Am I missing something? Please help me if you can... Monday is coming and my answer for him is... I am still looking into it.. not the answer he is looking for.

Thanks -- David McIntosh
 
Are the cfid and ctoken being stored on the users machine as cookies?
 
Are you using this in your app.cfm file..

<!--- to kill session variables when user opens a new browser . . . --->

<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
    <cfset cfid_local = Cookie.CFID>
    <cfset cftoken_local = Cookie.CFTOKEN>
    <cfcookie name="CFID" value="#cfid_local#">
    <cfcookie name="CFTOKEN" value="#cftoken_local#">
</cfif>
 
Yes.... I know that code....

That is my point. It will not work with Client variables.
Or at least not on our site! Why would it not work?

It works with session variables just fine. But not with Client variables!

-- David McIntosh
 
Where are the client variables being stored: in cookies, in the registry, or in a database? CFID and CFTOKEN are still stored on the client machine as cookies as well, so delete the cookies and see what happens!
 
Sorry...
In the first post I said "Stored in the Database"

When I delete cookies... I still have a session!

I was wondering... what do other people use for Security Checks?

Session or Client?

All the examples I see use Session, but Ben Forta states to use Client variables whenever possible.

What is the general consensus? Do you use Session or Client for security checks?

I am thinking of switching back to session...



-- David McIntosh
 