RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

[ron]

> But as someone else on the list pointed out, I think I may have
> mistated that session variables require cookies.  That person
> (forgot the name) said that session variables are stored in the
> server's RAM anyway, so it shouldn't matter if they have their
> cookies turned on or not.

Regardless of where session variables are stored (they're in server RAM),
session variable management requires that either cookies be enabled, or you
pass the session token in the URL (or hidden form variables) on each page
request. If your shopping cart (or whatever) is depending on session
variables, and you aren't passing the token around (it's admittedly a PIA),
then you're losing customers. Hard to quantify how many, but you will lose
some.

-Ron


------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.