On 7/17/07, Michael Traher <[EMAIL PROTECTED]> wrote: > We are currently considering stripping cfid cftoken and jsessionid from the > url scope in application.cfc. This means users must use cookies to use the > site of course. > > Any thoughts?
As long as you understand that a user can pretty easily control what cookies it sends back to the server, only slightly more difficult than manipulating the URL string. rick ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Deploy Web Applications Quickly across the enterprise with ColdFusion MX7 & Flex 2 Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:283877 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
