Dave, That is one of the scariest things I ever read :) Heath - If I am reading this correctly, encrypting the cookie doesn't matter. They can just get your encrypted cookie and use it as is, they do not need to unencrypt it.
>Thanks Dave, > >Do you think encrypting the cookie values would be acceptable way of >securing the session? > >Heath ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312923 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4