> He's right... if you take the step of saying no cookies allowed you
> have to pass the token around from link to link, exposing it via the
> url and that is a security issue.

Matt, can you explain exactly what the security issues are? Are you talking about sniffing it over the network (would https help that)? Wouldn't you have to have admin access to the server anyway to do anything with that information, in which case security is compromised already? I don't know much about security so I'm curious - I don't see exactly how having the session id alone would compromise security.

-- Josh

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269966

