Check the help on urlSessionFormat, I think there's a switch to turn off the token append.
best,
Chris Norloff
---------- Original Message ----------------------------------
From: Jamie Jackson <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 12 Oct 2004 17:10:33 -0400
>I've got a couple questions about session.urlToken under J2EE
>sessions:
>
>When J2EE sessions are enabled, why does session.urlToken bother with
>CFID/CFTOKEN anymore. The fact that both are there confuses me. I
>wonder which takes precedence? Do I lose the extra security that the
>uniqueness of jsessionID affords (i.e. can someone still hack the
>CFID/CFTOKEN and hijack a session)?
>
>Also, I'm using urlSessionFormat, and am getting the urltoken
>appended, even with cookies turned on. Any suggestions as to how to
>troubleshoot this?
>
>Thanks,
>Jamie
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
