This is getting WAY strange.

I've inserted some extra fields into a database table that is used to track
user progress through this application. I've found that not only are people
hijacking sessions, but the ID/Token values as well - I've got multiple
people in the app at once that are sporting the same ID/Token pair.

The creepy thing is, I'm passing the ID/Token pair in the URL for each page
refresh.... so how, pray tell, would these be changing?

I'm doing <a href="index.cfm?CFID=#CFID#&CFTOKEN=#CFTOKEN#">blah</a>
basically. Is this flawed? Should I be using #URL.CFID# etc.?

--Scott
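
Added example, not part of the original post: one way to cross-check the tracking table against the web server's access log is to group requests by the CFID/CFTOKEN pair carried in the URL and list every pair that arrives from more than one client address. The log format (common log format), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2001:10:00:01 -0500] "GET /index.cfm?CFID=1201&CFTOKEN=55512345 HTTP/1.0" 200 5120
192.0.2.10 - - [01/Jan/2001:10:00:09 -0500] "GET /index.cfm?cfid=1201&cftoken=55512345&step=2 HTTP/1.0" 200 4096
198.51.100.7 - - [01/Jan/2001:10:00:15 -0500] "GET /index.cfm?CFID=1201&CFTOKEN=55512345 HTTP/1.0" 200 5120
203.0.113.4 - - [01/Jan/2001:10:01:02 -0500] "GET /index.cfm?CFID=1377&CFTOKEN=80099911 HTTP/1.0" 200 5120
203.0.113.4 - - [01/Jan/2001:10:01:30 -0500] "GET /images/logo.gif HTTP/1.0" 200 900
"""

# client address, then the request target inside the quoted request line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')


def session_pairs(log_text):
    """Map each (CFID, CFTOKEN) pair to the set of client addresses that sent it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target = m.groups()
        # URL parameter names are matched case-insensitively.
        query = parse_qs(urlsplit(target).query)
        params = {k.lower(): v[0] for k, v in query.items()}
        if "cfid" in params and "cftoken" in params:
            seen[(params["cfid"], params["cftoken"])].add(client)
    return seen


def shared_pairs(log_text):
    """Return the pairs presented by more than one client address."""
    return {pair: sorted(clients)
            for pair, clients in session_pairs(log_text).items()
            if len(clients) > 1}


if __name__ == "__main__":
    for (cfid, cftoken), clients in shared_pairs(SAMPLE_LOG).items():
        print(f"CFID={cfid} CFTOKEN={cftoken} seen from {', '.join(clients)}")
```

A pair seen from several addresses is a lead rather than proof, since a single user can reach the server through more than one proxy address.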

