It really is not much of a security issue, with CF using both the CFTOKEN & CFID it would be a far fetched occurence that someone can guess the right sequence of numbers to use. If it were possible then all these e-commerce sites would be in dire jeopardy.
DB ----- Original Message ----- From: "tom muck" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, November 14, 2001 8:02 AM Subject: Re: CFID & CFTOKEN > You can put some code in your Application.cfm to automatically log out a > user if they close a browser: > > <cflock scope = "Session" timeout = "30" type = "readonly"> > <CFCOOKIE NAME="CFID" VALUE="#SESSION.CFID#"> > <CFCOOKIE NAME="CFTOKEN" VALUE="#SESSION.CFTOKEN#"> > </cflock> > > tom > www.basic-ultradev.com > > > > 2) Does anyone know any JavaScript that will stop a user from clicking > > the Close button on their browser, and bring up an alert telling them > > they must log out? > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
