Hi

I have a webservice that takes a username and password to create a sessionkey,
for use with other webservices, this session key has a timeout of 30 mins.
Without having to make the user log back into the site every half hour I have
st up a session scope that checks the login time session expiry time (login
+29mins), username, password and obviously the sessionkey itself for access
through out the site. In the application.cfm, I have set a check of the login
time and expiry, then run the webservice that checks the username and password
in the session bringing back a new session key with the times reset and so it
goes on. This works very well but the problem I have is that it is probably
not a good Idea to set the username and pasword in the session scope is it true
that this is not very secure and is there a better way outside of storing it in
a database to make these variables available through out the site when the
session expires. Code attached is the call to the service from application.cfm
when the expiry time is reached.

Thanks
MW


<cfif #now()# GTE #SESSION.iress.SessionExpiry#>
<cftry>
<cfscript>
oLogon = createObject("component", "services.iress.logon");
stClient = oLogon.login(username="#SESSION.iress.username#",
password="#SESSION.iress.password#");
</cfscript>
<cfcatch>
<cfrethrow />
</cfcatch>
</cftry>
<cfelse>

</cfif>