All the places that I am using cflocation have addtoken="no". The CFID & CFTOKEN are appearing in the URL regardless of whether I use cflocation or not :-( I am getting real hassle from a customer who for some reason is insisting that they are visible in the URL and I cannot get rid of them, please help!
Oh, by the way, cookies will always be on, they cannot access the site without them being switched on.

-----Original Message-----
From: Andrew Scott [mailto:[EMAIL PROTECTED]
Sent: 14 September 2005 11:56
To: CF-Talk
Subject: RE: Do Not Include CFID & CFTOKEN in URL?

If your CFID & CFToken are in the URL then you have used cflocation without the attribute addtoken="False".

On a side note, these are normally used in the URL for people who have cookies disabled, so if you're not worried about this then set all your addtoken="false" in your code. Otherwise you will need to look at a way of handling people who have cookies switched off as well.

Regards,
Andrew Scott

Quote of the Day:
If the colleges were better, if they really had it, you would need to get the police at the gates to keep order in the inrushing multitude. See in college how we thwart the natural love of learning by leaving the natural method of teaching what each wishes to learn, and insisting that you shall learn what you have no taste or capacity for. The college, which should be a place of delightful labour, is made odious and unhealthy, and the young men are tempted to frivolous amusements to rally their jaded spirits. I would have the studies elective. Scholarship is to be created not by compulsion, but by awakening a pure interest in knowledge. The wise instructor accomplishes this by opening to his pupils precisely the attractions the study has for himself. The marking is a system for schools, not for the college; for boys, not for men; and it is an ungracious work to put on a professor.
- Ralph Waldo Emerson

-----Original Message-----
From: Andy Mcshane [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 14 September 2005 6:51 PM
To: CF-Talk
Subject: Do Not Include CFID & CFTOKEN in URL?

Hi all,

I have searched the archives and although I see many questions & answers with regards to my question I have not found a definitive one. I do not want to display the CFID & CFTOKEN in my URL string.
I am running both ColdFusion MX & ColdFusion 7. Here is a snippet of my application settings:

    clientmanagement = "true"
    clientstorage = "mydatabase"
    setclientcookies = "true"

I am also using the following code to ensure that my tokens are renewed if the browser is closed:

    <!--- Re-issue CFID/CFTOKEN with no expires attribute, so they are
          session cookies that go away when the browser is closed --->
    <cfif isdefined("cookie.CFID") AND isdefined("cookie.CFTOKEN")>
        <cfset localcfid = cookie.CFID>
        <cfset localtoken = cookie.CFTOKEN>
        <cfcookie name="CFID" value="#localcfid#">
        <cfcookie name="CFTOKEN" value="#localtoken#">
    </cfif>

Now I think I may be confused on exactly what happens here and where my tokens are being stored. I thought that my server side tokens are held within my database and my client side tokens are held within cookies. If this is the case why are CFID & CFTOKEN included in my URL? Would this behaviour be characteristic if cookies were disabled on the client machine (even though they are enabled on my test machine)?

If I cannot remove these from my URL can anybody suggest ways of masking them in the URL or even better a good method for encrypting the entire URL so nothing can be tampered with?
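Added example, not part of the thread and not code from any poster: a small Python audit that scans CFML source for the constructs that place CFID/CFTOKEN in a URL, namely cflocation tags whose addtoken is missing or not a literal no/false (the attribute defaults to yes) and explicit uses of client.urltoken, session.urltoken or URLSessionFormat(). The function name, the sample template and its file names are constructed for illustration; a url attribute containing a literal ">" would cut the tag match short.

```python
import re

# CFML comments are blanked first so commented-out tags are not reported.
COMMENT = re.compile(r"<!---.*?--->", re.DOTALL)
# A whole <cflocation ...> tag, including tags that span several lines.
CFLOCATION = re.compile(r"<cflocation\b[^>]*>", re.IGNORECASE | re.DOTALL)
# The addtoken attribute, with a quoted or bare value.
ADDTOKEN = re.compile(r"\baddtoken\s*=\s*[\"']?\s*([^\"'\s>]*)", re.IGNORECASE)
# Constructs that append the session identifiers to a URL on purpose.
URLTOKEN = re.compile(r"\b(?:client|session)\.urltoken\b|\burlsessionformat\s*\(",
                      re.IGNORECASE)
SAFE_VALUES = {"no", "false", "0"}

def audit_cfml(source, filename="<inline>"):
    """Return sorted (filename, line, reason) findings for one CFML source string."""
    # Keep the newlines of removed comments so reported line numbers stay correct.
    source = COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), source)
    findings = []
    for m in CFLOCATION.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        attr = ADDTOKEN.search(m.group(0))
        if attr is None:
            findings.append((filename, line, "cflocation without addtoken (defaults to yes)"))
        elif attr.group(1).lower() not in SAFE_VALUES:
            # Covers yes/true and dynamic values such as #flag#, which need manual review.
            findings.append((filename, line, "cflocation addtoken=%r" % attr.group(1)))
    for m in URLTOKEN.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        findings.append((filename, line, "explicit URL token: " + m.group(0)))
    return sorted(findings, key=lambda f: f[1])

# Constructed sample template (not from the thread).
SAMPLE = '''<!--- constructed sample --->
<cflocation url="login.cfm">
<cflocation url="home.cfm" addtoken="no">
<cflocation
    url="cart.cfm"
    addtoken="Yes">
<a href="list.cfm?#client.urltoken#">list</a>
<!--- <cflocation url="old.cfm"> --->
<cflocation url="done.cfm" addtoken=false>
'''

if __name__ == "__main__":
    for name, line, reason in audit_cfml(SAMPLE, "sample.cfm"):
        print("%s:%d: %s" % (name, line, reason))
```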

