>> And I do append URL variables to maintain session state

One way is to just add #session.urltoken# to the end of each URL. However,
it opens the application to session hijacking if people share the link. I
prefer to first test for the presence of a cookie before applying the token,
so I place this in the application.cfm.

<!--- ========= Start Determine if Cookies are enabled =============== --->
<cfif IsDefined("Cookie.cookieenabled")>
      <cfif Cookie.cookieenabled is DayofYear(Now())>
            <cfset TokenOn="No">
      <cfelse>
            <cfcookie name="cookieenabled" value="#DayofYear(Now())#" expires="30">
            <cfset TokenOn="Yes">
      </cfif>
<cfelse>
      <cfcookie name="cookieenabled" value="#DayofYear(Now())#" expires="30">
      <cfset TokenOn="Yes">
</cfif>
<!--- Now set a global urltoken to use throughout the site --->
<cflock timeout="30" throwontimeout="No" name="#LockName#">
      <cfif TokenOn is "Yes">
            <cfset Token="&" & #Session.URLToken#>
      <cfelse>
            <cfset Token=''>
      </cfif>
</cflock>
<!--- ========== END Determine if Cookies are enabled ================== --->

Then at the end of each URL I add the CF variable #token# like so:
<a href="">
That way, if the browser can handle cookies, I don't add the session token; if
not, then it gets added to each URL.

Best regards,

Dennis Powers
UXB Internet - A Web Design and Hosting Company
Wolcott, CT 06716 USA
tel: (203)879-2844  fax: (203)879-6254
http://www.uxbinternet.com/
http://dennis.uxb.net/


=============================================================
This e-mail message has been scanned and certified Virus free
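
An added example, not part of the original post: a log check for the link-sharing risk described above. Session.URLToken expands to CFID=...&CFTOKEN=..., so this flags any URL-borne token presented by more than one client address. It assumes Apache combined log format; the sample lines, addresses and token values are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not from the original post).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2003:10:01:02 -0500] "GET /cart.cfm?item=4&CFID=1201&CFTOKEN=55330912 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [12/Mar/2003:10:01:40 -0500] "GET /checkout.cfm?CFID=1201&CFTOKEN=55330912 HTTP/1.1" 200 7301 "-" "Mozilla/4.0"
203.0.113.24 - - [12/Mar/2003:10:09:13 -0500] "GET /cart.cfm?item=4&cfid=1201&cftoken=55330912 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.15 - - [12/Mar/2003:10:11:00 -0500] "GET /index.cfm?CFID=1377&CFTOKEN=80412266 HTTP/1.1" 200 2210 "-" "Mozilla/4.0"
192.0.2.15 - - [12/Mar/2003:10:11:30 -0500] "GET /about.cfm HTTP/1.1" 200 1880 "-" "Mozilla/4.0"
"""

# Client address and request URL from one combined-format line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (?P<url>\S+)[^"]*"')

def session_token(url):
    """Return (CFID, CFTOKEN) carried in the query string, or None."""
    # URL parameter names are matched case-insensitively.
    params = {k.lower(): v for k, v in parse_qsl(urlsplit(url).query)}
    if "cfid" in params and "cftoken" in params:
        return params["cfid"], params["cftoken"]
    return None

def shared_tokens(log_text, max_clients=1):
    """Map each URL session token to the client IPs that presented it,
    keeping only tokens seen from more than max_clients addresses."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        token = session_token(m.group("url"))
        if token:
            seen[token].add(m.group("ip"))
    return {t: sorted(ips) for t, ips in seen.items() if len(ips) > max_clients}

def url_token_requests(log_text):
    """Count requests that carry the session token in the URL."""
    return sum(1 for line in log_text.splitlines()
               if (m := LINE_RE.match(line)) and session_token(m.group("url")))

if __name__ == "__main__":
    for (cfid, cftoken), ips in shared_tokens(SAMPLE_LOG).items():
        print(f"CFID={cfid} CFTOKEN={cftoken} presented by {len(ips)} clients: {', '.join(ips)}")
```

A token seen from two addresses is a lead rather than proof, since proxies and address changes produce the same pattern; raise max_clients or add the user-agent to the grouping key to cut noise.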



