Nik, are you saying that all CFapps MUST have cfid and CFtoken in the URL to ensure no session hijacking?
I disagree. AFAIK if you lock properly your sessions should never get muddled. Is there some documentation to support your claim? *interested*

Matt

At 09:43 14/10/02 +0100, you wrote:
>If you are using Client variables (or even session vars) not passing the
>URLTOKEN will sometimes cause sessions to go nuts.
>
>You will always need to pass URLTOKEN if you want to guarantee that your
>sessions will not get hijacked!
>
>If you set addtoken="no" you will then need to explicitly pass the
>URLTOKEN in the string.
>
>Cheers
>
>Niklas
>
> > -----Original Message-----
> > From: Robertson-Ravo, Neil (REC)
> > [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, October 11, 2002 9:32 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: [ cf-dev ] addtoken="No"
> >
> > Ah, I always set it to no.
> >
> > -----Original Message-----
> > From: Giles Roadnight [mailto:[EMAIL PROTECTED]]
> > Sent: 11 October 2002 09:32
> > To: [EMAIL PROTECTED]
> > Subject: Re: [ cf-dev ] addtoken="No"
> >
> > I thought that the default was to add a token. If I leave the attribute off
> > I always get the token added.
> >
> > ----- Original Message -----
> > From: "Robertson-Ravo, Neil (REC)" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, October 11, 2002 9:25 AM
> > Subject: [ cf-dev ] addtoken="No"
> >
> > > Anyone had any problems where not adding addtoken="no" to the cflocation tag
> > > will cause it to add the token.
> > >
> > > CF4.5x
> > >
> > > Thanks
> > >
> > > N
> > >
> > > --
> > > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
> > >
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > For human help, e-mail: [EMAIL PROTECTED]
