I seem to remember that there is a way of forcing CF to create the CFID (or
was it CFTOKEN) as a UUID...... that should stop people guessing... or at
the very least make it harder.

> -----Original Message-----
> From: Douglas L. Brown [mailto:[EMAIL PROTECTED]]
> Sent: 14 November 2001 16:27
> To: CF-Talk
> Subject: Re: CFID & CFTOKEN
> 
> 
> It really is not much of a security issue, with CF using both the CFTOKEN &
> CFID it would be a far-fetched occurrence that someone can guess the right
> sequence of numbers to use. If it were possible then all these e-commerce
> sites would be in dire jeopardy.
> 
> 
> 
> DB
> ----- Original Message -----
> From: "tom muck" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Wednesday, November 14, 2001 8:02 AM
> Subject: Re: CFID & CFTOKEN
> 
> 
> > You can put some code in your Application.cfm to automatically log out a
> > user if they close a browser:
> >
> > <cflock scope = "Session" timeout = "30" type = "readonly">
> >     <CFCOOKIE NAME="CFID" VALUE="#SESSION.CFID#">
> >     <CFCOOKIE NAME="CFTOKEN" VALUE="#SESSION.CFTOKEN#">
> > </cflock>
> >
> > tom
> > www.basic-ultradev.com
> >
> >
> > > 2) Does anyone know any JavaScript that will stop a user from clicking
> > > the Close button on their browser, and bring up an alert telling them
> > > they must log out?
> >
> >
> > 
> 