Yes switch cookies on, setclientcookies to yes and away you go. or pass the cfid & cftoken with every url link back to the website.
Sorry no otherway around it. Cookies are not a security risk, it was you put in them that become that. On 11/18/06, Mullai Subbiah <[EMAIL PROTECTED]> wrote: > > Thank you. I have taken over this code from another programmer. I guess we > set client cookies to no 'cause of security concerns. The clients dont have > their cookies enabled. I am now totally confused on the settings of > <cfapplication>. > > I am setting CFID to session.cfid and similar for CFToken so in case the > user decides to close the browser then he will be logged out. So I guess I > will have to pass the CFID and CFTOken in each of the URL, links etc., But > is it possible to maintain the session without using cookies. > > I am totally confused after reading about this issue for the past two > days. > > Mullai > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:260983 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
