Philip Chalmers



Top Stories by Philip Chalmers

Browsers and what users can do with them create a minefield for Web app developers. Users can:

- Disable all cookies. This creates unpleasant problems for CF's session management.
- Do something else for half an hour and then try to resume where they left off. Now the session data has probably timed out, but your app gets a page request that assumes the session data is still available.
- Trample all over the dialog logic by using Back, Forward, and Refresh, or by cloning browser windows. This may create a major security hazard.
- Enter the site at an inner page via a search engine result, a bookmark, or a URL e-mailed to them.
- Hit the Submit button several times, especially if the Web or your server is running slow. They may think it's a harmless way of letting off steam.
- Use proxy servers that serve as much as possible from their own caches so different users get the same ... (more)

Robust CF Session Management

This is the second part of a two-article series about how to use ColdFusion to solve some common session management problems in Web applications.

Part 1 contained:

- A summary of my recommendations
- Why you need cookies for session management
- Detecting and handling timeouts

This part discusses:

- Back, Forward, Refresh, cloned windows, and multiple Submits
- Proxy servers
- Users who enter your site via an inner page
- Multiple sessions with different browsers
- Closing a session

Back, Forward, Refresh, Cloned Windows, Multiple Submits

How do you prevent users from getting confused or entering ... (more)