About the only thing I can think of is to add some code to your App.cfm file which checks for the existence of CFID and CFTOKEN as URL variables and if found, just redirect to the same page minus the session info on the url line. Of course this assumes you don't ever pass the session info in the url.
</rob> -----Original Message----- From: Hoag, Claudia (LNG) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 21, 2002 10:19 AM To: CF-Talk Subject: sharing sessions due to url.cfid and url.token I'm trying to think of a way not to allow people to inadvertedly share a session by sending each other a url with their cfid and cftoken in it. Of course we can just make sure that those are not passed as url parameters, but I'm thinking if there's a way to check if this is a session initiated by someone else. Do you guys have any ideas? Thanks ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
