I am just setting up a variable to capture cgi.http_referer. <cfset session.referer = cgi.http_referer>. Initially, the variable was set up as <input type="hidden" name="referer" value="#CGI.http_referer#">
This variable is defined on a form, which submits to itself. I want to capture the initial cgi.http_referer value when the user first lands on the form and save it to database upon successful submission, hence was using hidden value. Recent security scanning has identified the input form variable for XSS, and hence I am changing it to a session value. On Tue, Aug 6, 2013 at 3:01 PM, Alan Rother <[email protected]> wrote: > > Can we see some sample code? > > > On Tue, Aug 6, 2013 at 12:43 PM, fun and learning > <[email protected]>wrote: > > > > > All - > > > > I am converting a form variable to a session variable.I enabled session > > management in application.cfm in cfapplication tag. The change works fine > > only on my system, but when others try it, they get > > > > 'Element undefined in SESSION'. > > > > What could be the possible reason? > > > > Thanks. > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356407 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
