10 of 14
Personally, I require cookies on all of my sites and then provide
adequate security and cookie information to users who refuse or are
unable to accept cookies, so they know why we require them. I prefer
setting CFID and CFTOKEN as "session-only" cookies so that the
session is destroyed when users close their browsers:
<CFCOOKIE NAME="CFID" VALUE="#CFID#">
<CFCOOKIE NAME="CFTOKEN" VALUE="#CFTOKEN#">
I then detect whether users are able/willing to accept cookies,
and redirect them to an information page if they are not, using
JavaScript:
<SCRIPT>
document.cookie = 'CookiesEnabled=1';
if (document.cookie == '') {
    document.location.href = 'myCookieInfoPage.htm';
}
</SCRIPT>
You can choose any method you like to detect whether browser
cookies are enabled. (First you'll need to decide for yourself
whether or not cookies should be a function of your application,
based upon your user demographics and other factors.)
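A more defensive version of the cookie check above, as an added example that is not from the original article: it confirms that the probe cookie it just wrote reads back by name with the same value, because `document.cookie` is non-empty whenever any other script-readable cookie already exists for the page. The function names and the `fakeDocument` stand-in (used so the logic can run outside a browser) are assumptions made for illustration.

```javascript
// Return the value of one named cookie from a document.cookie string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const pair = part.trim();
    const eq = pair.indexOf('=');
    if (eq > 0 && pair.slice(0, eq) === name) return pair.slice(eq + 1);
  }
  return null;
}

// Write a probe cookie with a fresh value and confirm that exact value reads
// back. A stale probe from an earlier visit therefore cannot pass the check.
function cookiesEnabled(doc) {
  const name = 'CookiesEnabled';
  const value = Date.now().toString(36) + Math.random().toString(36).slice(2);
  doc.cookie = name + '=' + value + '; path=/';
  const stored = readCookie(doc.cookie, name) === value;
  // Remove the probe again so it is not sent with later requests.
  doc.cookie = name + '=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/';
  return stored;
}

// Constructed stand-in for `document` (not a browser API): a tiny cookie jar
// that either accepts or silently ignores writes, optionally pre-populated.
function fakeDocument(acceptsWrites, initial) {
  const jar = new Map(initial || []);
  return {
    get cookie() {
      return [...jar].map(([k, v]) => k + '=' + v).join('; ');
    },
    set cookie(str) {
      if (!acceptsWrites) return;
      const [pair, ...attrs] = str.split(';');
      const eq = pair.indexOf('=');
      const key = pair.slice(0, eq).trim();
      const expired = attrs.some(a => /^\s*expires=Thu, 01 Jan 1970/i.test(a));
      if (expired) jar.delete(key);
      else jar.set(key, pair.slice(eq + 1).trim());
    }
  };
}

// In a browser, redirect to the information page when the probe fails.
if (typeof document !== 'undefined' && !cookiesEnabled(document)) {
  document.location.href = 'myCookieInfoPage.htm';
}
```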
Notice that in the CFAPPLICATION tag above, we have set the value
for CLIENTSTORAGE equal to the data source name that we configured
in Step 1. If this is not specified, and any one of the servers in
the cluster is not configured to use your database as the Default
Client Variable Storage location, then you may get unexpected
results because your client variables will end up someplace other
than in your database (most likely the registry, which is the
default location). In my opinion, it's safest to specify the
CLIENTSTORAGE value explicitly.
Existing Session Variable Code
If you're designing a new application, simply set and retrieve all
the variables that you would have scoped as session, using the client
scope instead. Some examples:
<CFSET Client.IsLoggedIn = 1>
<CFOUTPUT>#Client.IsLoggedIn#</CFOUTPUT>
<CFIF NOT Client.IsLoggedIn>
    <CFLOCATION URL="notloggedin.cfm" addtoken="no">
</CFIF>