I've not quite got it figured out myself. But the cilent has a bit of experience with coldfusion, going back to CF1 and up to CF5.2. So he knows something of what he speaks, but his technical knowledge is dated.
Anyway, he says there's a security issue with using a token throughout for a session, so each page view has to issue a new token, and expire the last one. SO i suppose that means in the applicatoin.cfc I have to add something like this (pseudo code) to the onrequeststart() method: gettoken() retrieve state from the database createUUID() set token to be the new UUID I'm not sure how to do it yet. I'm still trying to convince him to let me use client vars! Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month On/16/07, Eric Haskins <[EMAIL PROTECTED]> wrote: > "And to add to the fun of it all, we have to have a > new session variable each page request." > > Can you explain this a bit?? What do you mean? > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269941 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
