>There is nothing that requires you to pass CFID CFTOKEN in URL unless >you are not using cookies or something.
True, but what if you want to support users with cookies either on or off? My approach is to do a cookie check and add the CFID/CFTOKEN if they are turned off...but to also do a browser check (cgi.http_user_agent) and exclude any that have a common search engine string in them. That seems to do the trick 95% of the time....and is also useful for generating error messages (or not) as well, since some search engines seem particularly good at coming up with very misformed URLs. -------------------- Mary Jo Sminkey http://www.cfwebstore.com CFWebstore, ColdFusion E-commerce. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:255037 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
