[contentbox 1.0.9] ContentBox without session scope

Our current ColdBox applications run with an encrypted cookie to maintain user sessions. I’m trying to implement ContentBox for a new application, but I need to use this same process as we don’t enable session on our servers.

Any ideas how I could approach this? I’m going to try to extend the sessionStorage plugin to read/write encrypted cookies instead of the session scope. Does this sound like a reasonable and secure approach?



overriding the setvar/getvar to use cookies i think would work. could be some technical debt that could bite back in the future.

There is already a plugin for cookie storage, maybe that would be your best shot!

Also make sure that any default settings, like flash storage is switched from its default to something you can use, as flash storage defaults to session storage.