the to retrieve the session.
Even if the spider read the CFID and CFTOKEN values, there is no way it
could then tell CF to try and map it to retrieve the session. And even
if it could, it couldn' read the value of the session var.
Burns, John D wrote:
> I'm not saying it ever receives that variable. However, CF somehow
> associates that session with that client, therefore, the spider appears
> to be a valid client. Once it has the session, what keeps it from
> posting a million times on that session? CF has to set something on the
> client (cookie or token or something) to keep the session alive, and
> couldn't the browser/spider spoof that?
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
