Hi all, I have searched the archives and although I see many questions &
answers with regards to my question I have not found a definitive one. I do not
want to display the CFID & CFTOKEN in my URL string.
I am running both Coldfusion MX & Coldfusion 7.
Here is a snipet of my application settings;
clientmanagement = "true"
clientstorage = "mydatabase"
setclientcookies = "true"
I am also using the following code to ensure that my tokens are renewed if the
browser is closed
<cfif isdefined("cookie.CFID") AND isdefined("cookie.CFTOKEN")>
<cfset localcfid = cookie.CFID>
<cfset localtoken = cookie.CFTOKEN>
<cfcookie name="CFID" value="#localcfid#">
<cfcookie name="CFTOKEN" value="#localtoken#">
</cfif>
Now I think I may be confused on exactly what happens here and where my tokens
are being stored. I thought that my server side tokens are held within my
database and my client side tokens are held within cookies. If this is the case
why are CFID & CFTYOKEN included in my URL? Would this behaviour be
characteristic if cookies were disabled on the client machine (even though they
are enabled on my test machine)?
If I cannot remove these from my URL can anybody suggest ways of masking them
in the URL or even better a good method for encrypting the entire URL so
nothing can be tampered with?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Find out how CFTicket can increase your company's customer support
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:218162
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
