Never time out an authenticated session

Hi,

A client has asked if I can never time out a user's session unless they
log out. They made reference to Facebook on your phone as an example - it
doesn't time out.

Does anybody have any advice on the best way to accomplish this? Cookie
based authentication that doesn’t expire?

Thanks

Yep, add your own cookie which you can build a session from. If the user
isn't logged in, init a session from the record in your DB which records the
cookie, user etc.

On Wed, Dec 7, 2016 at 2:50 AM, Risto <@Risto> wrote:

Zac Spitzer
+61 405 847 168

There are some additional things you should consider if security is
important to the application, for example:

  1. They should be avoided if security is critical (your bank probably
    doesn't have a remember me feature, right?).
  2. The cookie value should be a random token (eg generateSecretKey()); it
    should be hashed/salted when stored in the DB just like passwords (if an
    attacker gets the DB they can log in as anyone).
  3. Rotate the tokens when consumed.
  4. Before allowing a sensitive operation, reauthenticate the user (eg Amazon
    has remember me cookies but requests the password before purchase by
    default unless you enable 1-click ordering).
  5. Make sure the cookie is HttpOnly and Secure (if the site is https; if not,
    that is another story).
  6. Never is a long time; set some sort of timeout for the cookie and in
    your DB, even if very long.

Spend a few minutes googling "remember me cookie security" and you will
find lots more info.

--
Pete Freitag
https://foundeo.com/ - ColdFusion Consulting & Products
http://hackmycf.com - CFML Server Security Scanner
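Putting Zac's suggestion (rebuild the session from a DB record looked up by a cookie) and Pete's points 2, 3, 5 and 6 together in one place: the following is an added example written for this thread, not code from either poster, and it is Python rather than the CFML Lucee runs, since the design is the same in any language. It keeps only a peppered hash of the random token in the table, makes every token single-use by rotating it on each successful login, caps the lifetime even though the client asked for "never", and builds the Set-Cookie value with HttpOnly and Secure. The server-side pepper, the 30-day cap, the cookie name `remember_me` and the in-memory dict standing in for the DB table are assumptions for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Cap on a remember-me token's life. "Never is a long time": 30 days is an
# assumption for this example, not a value from the thread.
TOKEN_LIFETIME_SECONDS = 30 * 24 * 60 * 60


@dataclass
class RememberMeRecord:
    """One row of the (constructed, in-memory) remember-me table."""
    user_id: str
    token_hash: bytes   # only the hash is stored; the clear token lives in the cookie
    expires_at: float   # absolute UNIX time after which the record is dead


class RememberMeStore:
    """Issue, consume (with rotation) and revoke persistent-login tokens."""

    def __init__(self, pepper: bytes) -> None:
        # `pepper` is a server-side secret kept outside the DB; assumed to come
        # from configuration in a real deployment.
        self._pepper = pepper
        self._rows: Dict[str, RememberMeRecord] = {}  # keyed by public selector

    def _hash(self, token: str) -> bytes:
        # The token is 256 bits of CSPRNG output, so a fast keyed hash is enough
        # (slow password hashes are for low-entropy secrets). Keying with the
        # pepper means a dump of the table alone cannot be turned into cookies.
        return hmac.new(self._pepper, token.encode("utf-8"), hashlib.sha256).digest()

    def issue(self, user_id: str, now: float) -> str:
        """Create a fresh record and return the value to put in the cookie."""
        selector = secrets.token_urlsafe(12)   # DB lookup key, not secret by itself
        token = secrets.token_urlsafe(32)      # the real secret, never stored in clear
        self._rows[selector] = RememberMeRecord(
            user_id, self._hash(token), now + TOKEN_LIFETIME_SECONDS
        )
        return f"{selector}:{token}"

    def consume(self, cookie_value: str, now: float) -> Optional[Tuple[str, str]]:
        """Rebuild a session from a cookie.

        Returns (user_id, new_cookie_value) and invalidates the presented token,
        or None if the cookie is malformed, unknown, expired or has a wrong secret.
        """
        selector, sep, token = cookie_value.partition(":")
        if not sep:
            return None
        row = self._rows.get(selector)
        if row is None:
            return None
        # Whatever happens next, the presented token is single-use (point 3).
        del self._rows[selector]
        if now >= row.expires_at:
            return None
        if not hmac.compare_digest(row.token_hash, self._hash(token)):
            # Known selector but wrong secret: treat the series as compromised
            # and leave it revoked rather than letting retries continue.
            return None
        return row.user_id, self.issue(row.user_id, now)

    def revoke_user(self, user_id: str) -> int:
        """Explicit logout / 'sign out everywhere': drop all the user's records."""
        doomed = [s for s, r in self._rows.items() if r.user_id == user_id]
        for s in doomed:
            del self._rows[s]
        return len(doomed)

    def active_count(self) -> int:
        return len(self._rows)


def set_cookie_header(value: str, max_age: int = TOKEN_LIFETIME_SECONDS) -> str:
    """Set-Cookie header value with the flags from point 5, plus SameSite."""
    return (
        f"remember_me={value}; Max-Age={max_age}; Path=/; "
        "HttpOnly; Secure; SameSite=Lax"
    )
```

On a request with no live session, the handler calls `consume()`; on success it creates the normal session for the returned user and sends `set_cookie_header()` with the rotated value, so the cookie the browser holds is never the one that was just used. Point 4 lives in the session layer rather than here: a session created this way should be flagged as "remembered" so that sensitive operations still demand a password. The `Secure` flag assumes the site is served over https, exactly as Pete's caveat says.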

Thanks Pete. Good info. I asked in the first place because to me
authenticate and never expire don’t belong in the same sentence.