If you're using cookie session and then use addtoken="yes", it will manually add the cfid and cftoken to all URLs. You need to use NO unless you're using this method everywhere else as well.

-----Original Message-----
From: Niklas Richardson [mailto:[EMAIL PROTECTED]]
Sent: 14 October 2002 09:36
To: [EMAIL PROTECTED]
Subject: RE: [ cf-dev ] Infamous Session 'Stealing'

Shouldn't that be addtoken="yes"....

You need to pass that URLTOKEN around otherwise sessions will cross over!

Friggin' nightmare! And locking is a total must!

Cheers

Niklas

> -----Original Message-----
> From: Russ 'Snake' Michaels [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 10, 2002 1:03 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ cf-dev ] Infamous Session 'Stealing'
>
> check cflocation tags have the addtoken="no" attribute set, as this is a
> common cause of this problem.
> get yer locks in place.
> create a page to kill all session variables so people can kill their session
> when this happens and start again.
>
> -----Original Message-----
> From: Robertson-Ravo, Neil (REC) [mailto:[EMAIL PROTECTED]]
> Sent: 10 October 2002 12:58
> To: '[EMAIL PROTECTED]'
> Subject: [ cf-dev ] Infamous Session 'Stealing'
>
> Guys, we have inherited a CF 4.5.x system where none of the shared scope
> variables are locked at all and where the CFID and CFTOKEN are present in
> every link. The login security uses session vars.
>
> There is a scenario where one person in a building can login to the system
> and another person, in the same building can login and gain access to the
> other person's session; I am leaning toward the fact that since the variables
> are free of locks the problem is there, but it could also be an issue where
> the IP addresses are the same due to corporate networks etc...
>
> Anyone else give any more info on this age old problem before I start
> pointing fingers :-)
>
> Thanks
>
> Neil
>
> --
> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For human help, e-mail: [EMAIL PROTECTED]
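
The check suggested in the thread (every cflocation tag carries addtoken="no", and CFID/CFTOKEN are not written into links), as an added Python example that is not part of the original messages. The function names and sample templates are constructed for illustration; it relies on ColdFusion treating an omitted addtoken as yes, and the link check is a text heuristic.

```python
import re

# CFML tag and attribute names are case-insensitive; a tag may span several lines.
CFLOCATION = re.compile(r"<cflocation\b[^>]*>", re.IGNORECASE)
ADDTOKEN = re.compile(r"\baddtoken\s*=\s*[\"']?\s*([^\"'\s>]+)", re.IGNORECASE)
# Heuristic: CFID/CFTOKEN written into a link, literally or through URLToken.
URL_IDS = re.compile(r"\b(?:cfid|cftoken)\s*=|\burltoken\b", re.IGNORECASE)

def audit_template(name, text):
    """Return sorted (file, line, issue) findings for one template's source."""
    findings = []
    for m in CFLOCATION.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        tok = ADDTOKEN.search(m.group(0))
        if tok is None:
            # Assumption stated in the lead-in: an omitted addtoken behaves as "yes".
            findings.append((name, line, "cflocation without addtoken"))
        elif tok.group(1).lower() not in ("no", "false"):
            findings.append((name, line, "cflocation addtoken=" + tok.group(1).lower()))
    # Blank out cflocation tags (keeping line breaks) so they are not counted twice.
    rest = CFLOCATION.sub(lambda m: "\n" * m.group(0).count("\n"), text)
    for line, src in enumerate(rest.splitlines(), 1):
        if URL_IDS.search(src):
            findings.append((name, line, "session identifiers in URL"))
    return sorted(findings)

def audit_all(templates):
    """templates: dict of file name -> source text. Returns all findings."""
    out = []
    for name in sorted(templates):
        out.extend(audit_template(name, templates[name]))
    return out

# Constructed sample templates, not taken from any real application.
SAMPLE = {
    "login.cfm": '<cfif ok>\n  <cflocation url="home.cfm">\n</cfif>\n',
    "logout.cfm": '<cflocation url="index.cfm" addtoken="no">\n',
    "menu.cfm": '<a href="report.cfm?#session.URLToken#">Report</a>\n'
                '<cflocation\n  url="a.cfm"\n  addtoken="Yes">\n',
}

if __name__ == "__main__":
    for name, line, issue in audit_all(SAMPLE):
        print(f"{name}:{line}: {issue}")
```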
