if you're bidding on a job he has just added a nice fat increase to your bid expense. You will have to pass the key pair around for everything. All cflocations, form posts, url links. The works. And exposing the key pair has security implications that imho cannot be overcome. You basically create an attack surface that otherwise doesn't exist.
urlsessionformat() is going to be your friend, sadly. As for client vars, I echo what was said with respect to the fact that it works fine if you design your app to use it from scratch, and realize its limitations (i.e. no structs unless you want to use cfwddx to plug them in, which is crazy overhead). Cvars are the right tool for SOME jobs but not all of them. Every hit to your server will generate a hit to your database as the lvisit and hitcount vars are updated, at minimum. Fine if you plan for it and know what you're getting into, but session vars are probably a better option. Since the advent of CF MX I have tried to stay away from cvars if I can and stick to session vars. -- [EMAIL PROTECTED] Janitor, The Robertson Team mysecretbase.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269928 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4