Re: Do Not Include CFID & CFTOKEN in URL?

Wed, 14 Sep 2005 03:50:41 -0700 

if you are using CFLocation, make sure the attribute addtoken is set to false

HTH

On 14/09/05, Andy Mcshane <[EMAIL PROTECTED]> wrote:
> Hi all, I have searched the archives and although I see many questions & 
> answers with regards to my question I have not found a definitive one. I do 
> not want to display the CFID & CFTOKEN in my URL string.
> 
> I am running both Coldfusion MX & Coldfusion 7.
> 
> Here is a snipet of my application settings;
> 
> clientmanagement = "true"
> clientstorage = "mydatabase"
> setclientcookies = "true"
> 
> I am also using the following code to ensure that my tokens are renewed if 
> the browser is closed
> 
> <cfif isdefined("cookie.CFID") AND isdefined("cookie.CFTOKEN")>
>      <cfset localcfid = cookie.CFID>
>      <cfset localtoken = cookie.CFTOKEN>
>      <cfcookie name="CFID" value="#localcfid#">
>      <cfcookie name="CFTOKEN" value="#localtoken#">
> </cfif>
> 
> Now I think I may be confused on exactly what happens here and where my 
> tokens are being stored. I thought that my server side tokens are held within 
> my database and my client side tokens are held within cookies. If this is the 
> case why are CFID & CFTYOKEN included in my URL? Would this behaviour be 
> characteristic if cookies were disabled on the client machine (even though 
> they are enabled on my test machine)?
> 
> If I cannot remove these from my URL can anybody suggest ways of masking them 
> in the URL or even better a good method for encrypting the entire URL so 
> nothing can be tampered with?
> 
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:218172
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Reply via email to