It appears that way, with Coldfusion 6.1. I stumbled across this today, so I thought I'd share what I observed.
In a nutshell, I've got a security object, which handles all the login related information and rules. Also, it is stored in the session. Of course, you wouldn't want to do that if you were planning on running on clustered servers, because of Coldfusion's
cfc serialization session issue (at least in Macromedia/Adobe's variety). But, that is beside the point.
Basically, what happens is:
- If the security object is not defined, create it
- The security object creates a cookie which stores the userID (encrypted)
- later, I check the userID by calling a method on the security object
The cookie is set to expire when the user logs out, or when they close the browser.
So what happens?
In Firefox, when the browser is closed, both the session and the cookie are destroyed, so that when the user returns, everything happens again as I originally expected.
In Internet Explorer, however, when the browser is closed, only the cookie is destroyed. When the user returns before the session would normally time out, they get an error, because the security object still exists and expects the cookie to exist too.
I wonder where the real difference lies?
Hey! Why don't you make your life easier and subscribe to the full post
or short blurb RSS feed? I'm so confident you'll love my smelly pasta plate
wisdom that I'm offering a no-strings-attached, lifetime money back guarantee!
Leave a comment
There are no comments for this entry yet.
Leave a comment
