CFID is simply a sequential integer per machine.
CFTOKEN is, in the default setting, assigned a random unsigned long int (0 < x <
2^32-1).
If your client needs to know the exact algorithm used to generate the
random method, you'll probably have to ask an Allaire programmer. CF doesn't
validate the CFTOKEN anymore (as of 4.5 I think, not sure) so you can use
any value you want for it; as it's just to stop people hijacking sessions by
entering in a sequential CFID. If you want, you can have a UUID appended to
CFTOKEN by changing the UUIDToken key in the registry to 1 (I've never done
this on a system w/o a registry before so not sure where it would be
stored).
[HKEY_LOCAL_MACHINE\Software\Allaire\ColdFusion\CurrentVersion\Clients\]
So if you're really uptight about someone guessing a 10-digit random number,
either use your own algorithm to generate the CFTOKEN or concat the UUID on
to the end.
Hope it helps :)
-----Original Message-----
From: Teng-Yan Loke [mailto:[EMAIL PROTECTED]]
Sent: January 17, 2001 21:41
To: CF-Talk
Subject: URLToken Algorithm
My client would like to know the algorithm used to generate unique values
and the ranges for CFID and CFTOKEN for session management.
Any help please? Thanx.
----
Loke, Teng-Yan | [EMAIL PROTECTED] | +65-2169725
E-commerce | novaSPRINT.com (S) Pte Ltd
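
Added example, not part of the original thread and not ColdFusion's own code: a Python model of the scheme the reply describes (sequential CFID, random CFTOKEN in the stated range) beside a self-generated token, showing that only the token resists guessing once the CFID is known. The `SessionStore` class, its methods, the use of the OS CSPRNG and the 128-bit alternative are assumptions made for illustration.

```python
import hmac
import secrets
from itertools import count


class SessionStore:
    """Toy model of sequential CFID + random CFTOKEN (hypothetical, not CF code)."""

    def __init__(self, token_bits=32):
        self.token_bits = token_bits
        self._next_id = count(1)   # CFID: sequential, so it is guessable
        self._tokens = {}          # CFID -> CFTOKEN issued for it

    def issue(self):
        cfid = next(self._next_id)
        if self.token_bits == 32:
            # Range from the reply: 0 < x < 2^32-1. The model draws it from
            # the OS CSPRNG; the thread does not say how ColdFusion draws it.
            cftoken = str(1 + secrets.randbelow(2**32 - 2))
        else:
            # Self-generated token: token_bits of CSPRNG output as hex.
            cftoken = secrets.token_hex(self.token_bits // 8)
        self._tokens[cfid] = cftoken
        return cfid, cftoken

    def validate(self, cfid, cftoken):
        expected = self._tokens.get(cfid)
        if expected is None:
            return False
        # Constant-time comparison avoids leaking how much of a guess matched.
        return hmac.compare_digest(expected.encode(), str(cftoken).encode())


def expected_guesses(token_bits):
    """Average guesses to hit the token of one known CFID: half the space."""
    return 2 ** (token_bits - 1)


def years_to_guess(token_bits, guesses_per_second):
    """Time to make that average number of guesses at a constant rate."""
    return expected_guesses(token_bits) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for bits in (32, 128):
        cfid, token = SessionStore(bits).issue()
        print(bits, cfid, token, f"{years_to_guess(bits, 1000):.3g} years at 1000/s")
```
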