Interesting...I'll have to check them out then! ;) > -----Original Message----- > From: Robertson-Ravo, Neil (REC) > [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 14, 2002 10:05 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ cf-dev ] addtoken="No" > > > there are some good MM technotes on this. > > -----Original Message----- > From: Niklas Richardson [mailto:[EMAIL PROTECTED]] > Sent: 14 October 2002 10:02 > To: [EMAIL PROTECTED] > Subject: RE: [ cf-dev ] addtoken="No" > > > The docs aren't actually very clear. > > You can never be sure whether a user will have cookies turned > on or not. > > I also find that passing URLTOKEN in pre-CFMX application would help > guarantee that sessions / client vars would be stored and passed > correctly, and no session hijacking would occur. > > Infact, after the complete hassle of using SESSIONs in CF4.5 I gave up > using them altogether and only stuck with CLIENT vars. > However this has > changed in CFMX as it actually works now! > > I know these arguments are particularly solid...but I've found that > since doing that I ain't had any problems! > > > > > > -----Original Message----- > > From: Robertson-Ravo, Neil (REC) > > [mailto:[EMAIL PROTECTED]] > > Sent: Monday, October 14, 2002 9:46 AM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ cf-dev ] addtoken="No" > > > > > > really? thats not what the docs state? they say never pass > > the CFID/CFTOKEN > > unless you are not using cookies..... > > > > > > > > -----Original Message----- > > From: Niklas Richardson [mailto:[EMAIL PROTECTED]] > > Sent: 14 October 2002 09:43 > > To: [EMAIL PROTECTED] > > Subject: RE: [ cf-dev ] addtoken="No" > > > > > > If you are using Client variables (or even session vars) not > > passing the > > URLTOKEN will sometimes 'cause sessions to go nuts. > > > > You will always need to pass URLTOKEN if you want to > > guarantee that your > > sessions will not get hijacked! > > > > If you set addtoken="no" you will then need to explicitly pass the > > URLTOKEN in the string. > > > > Cheers > > > > Niklas > > > > > > > > > -----Original Message----- > > > From: Robertson-Ravo, Neil (REC) > > > [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, October 11, 2002 9:32 AM > > > To: '[EMAIL PROTECTED]' > > > Subject: RE: [ cf-dev ] addtoken="No" > > > > > > > > > Ah, I always set it to no. > > > > > > -----Original Message----- > > > From: Giles Roadnight [mailto:[EMAIL PROTECTED]] > > > Sent: 11 October 2002 09:32 > > > To: [EMAIL PROTECTED] > > > Subject: Re: [ cf-dev ] addtoken="No" > > > > > > > > > I thought that the default was to add a token. If I leave the > > > attribute off > > > I always get the token added. > > > ----- Original Message ----- > > > From: "Robertson-Ravo, Neil (REC)" > > > <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Friday, October 11, 2002 9:25 AM > > > Subject: [ cf-dev ] addtoken="No" > > > > > > > > > > Anyone had any problems where not adding addtoken="no" to > > > the cflocation > > > tag > > > > will cause it to add the token. > > > > > > > > CF4.5x > > > > > > > > Thanks > > > > > > > > N > > > > > > > > -- > > > > ** Archive: > > > http://www.mail-archive.com/dev%> 40lists.cfdeveloper.co.uk/ > > > > > > > > > > > To unsubscribe, e-mail: > > > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > -- > > > ** Archive: > > http://www.mail-archive.com/dev%> 40lists.cfdeveloper.co.uk/ > > > > > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > -- > > > ** Archive: > > http://www.mail-archive.com/dev%> 40lists.cfdeveloper.co.uk/ > > > > > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > > > -- > > ** Archive: > http://www.mail-archive.com/dev%> 40lists.cfdeveloper.co.uk/ > > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > For human help, e-mail: [EMAIL PROTECTED] > > > > -- > > ** Archive: > http://www.mail-archive.com/dev%> 40lists.cfdeveloper.co.uk/ > > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > For human help, e-mail: [EMAIL PROTECTED] > > > > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] >
-- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
