> Yes I was playing around with this approach but I've never used wddx so
> wasn't sure about its usage in this situation. So I would
> basically use wddx
> to serialize, then drop that into a holding table and then on successful
> re-login, grab it where the userIDs match and then de-serialize on the
> insertion template?
Exactly.
> I've been using http_referer and getfilefrompath(cf_template_path) as well
> as query_string. I've managed to get the app to continue on to the pages
> that process the various forms, it's simply been a matter of getting the
> form info to the processing pages, in the format that they are
> expecting (ie
> FORM.field1, FORM.field2, etc.)
Do as Laurie said, copy the submitted form fields into a form that's passed
from your login page to the aborted form. Use somthing like this:
<CFLOOP INDEX="formField" LIST="#structKeyList(FORM)#">
<CFOUTPUT>
<INPUT TYPE="hidden" NAME="#formField#"
VALUE="#evaluate('FORM.#formField#')#"></CFOUTPUT>
</CFLOOP>
> Since I don't know.... what is the security issue with using wddx and
> holding the info in session?
WDDX is secure the problem is that it is easy to read, hence if you serialze
a structure and put it inside a hidden field, someone viewing the source
could get see everything you put in there and this might expose some inner
workings of your app which is a potential hazard...
Good luck,
Marc
-
You are subscribed to the CFUGToronto CFTALK ListSRV.
This message has been posted by: "Marc Campeau" <[EMAIL PROTECTED]>
To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/
Manager: Kevin Towes ([EMAIL PROTECTED]) http://www.CFUGToronto.org/
This System has been donated by Infopreneur, Inc.
(http://www.infopreneur.net)
