I had thought a user with disabled cookies will still be able to use session variables.
No. If the client (browser) switches off cookies, then you will be able to maintain sessions only by passing the CFID and CFTOKEN in the URL of every page in your application.
If a customer uses ANY browser with cookies disabled, sessions will not
work, unless you have taken steps to allow sessions to work without cookies.
By default, in order for CF to know what user belongs to what session
data it relies on two cookies: CFID and CFToken. Without these cookies,
CF assumes a user is a new user and will always initiate a new session
state for them.
You can choose to pass the necessary CFID and CFToken values through the
URL rather than through cookies, but this requires effort and coding on
your part to make sure the required names and values are passed
through every single link and connection in your application. This can
also lead to session sharing if links with these values are bookmarked,
emailed or otherwise published.
Bottom line -- session state requires cookie or URL tokens to work.
BKBK is right, although it is not good practice as you leave yourself open to session hijacking. To be honest anyone who disables cookies and expects anything remotely personalised to work is in dreamland!
Thanks guys, I just found the note in the WACK about how session variables require cookies to get started.
I'll rewrite the site to check for cookie acceptance and if they're not being accepted, show a "cookies required" message. Can you recommend a link to a description of a good implementation? It's a bit tricky if you don't know what page they will enter the site; I suppose the logical place is when they first add something to their cart?
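
A cookie-acceptance check of the kind asked about above, as an added example that is not part of the original thread: it runs from Application.cfm so it works whatever page the visitor enters on, and it redirects with `addtoken="no"` so CFID and CFTOKEN never appear in a URL. The application name, the probe cookie name `COOKIECHECK`, the `cookiecheck` URL flag and the `cookies_required.cfm` template are assumptions, and it assumes a ColdFusion version that sends a cookie set before `cflocation`.

```cfml
<!--- Application.cfm: added example, all names below are hypothetical --->
<cfapplication name="shopDemo"
               sessionmanagement="yes"
               setclientcookies="yes">

<!--- Name of the throwaway probe cookie (assumption, not a CF built-in) --->
<cfset probeName = "COOKIECHECK">

<!--- Only probe on GET so a redirect never discards posted form data --->
<cfif cgi.request_method EQ "GET" AND NOT StructKeyExists(cookie, probeName)>

    <cfif StructKeyExists(url, "cookiecheck")>
        <!--- Second pass: the probe was set and the browser was redirected,
              but the cookie did not come back, so cookies are disabled.
              Show the notice instead of starting a session per request. --->
        <cfinclude template="cookies_required.cfm">
        <cfabort>
    <cfelse>
        <!--- First pass: set a session-length probe cookie, then bounce
              back to the same page with a marker in the query string. --->
        <cfcookie name="#probeName#" value="1">

        <cfset target = cgi.script_name & "?cookiecheck=1">
        <cfif Len(cgi.query_string)>
            <cfset target = target & "&" & cgi.query_string>
        </cfif>

        <!--- addtoken="no" keeps CFID/CFTOKEN out of the redirect URL,
              so session identifiers cannot leak via bookmarks or e-mail --->
        <cflocation url="#target#" addtoken="no">
    </cfif>

</cfif>
```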