Our current ColdBox applications run with an encrypted cookie to maintain user sessions. I’m trying to implement ContentBox for a new application, but I need to use this same process as we don’t enable session on our servers.
Any ideas how I could approach this? I’m going to try to extend the sessionStorage plugin to read/write encrypted cookies instead of the session scope. Does this sound like a reasonable and secure approach?