if you have cookies enabled the cfid and cftoken will be stored in a cookie
passing them as url variables is mainly in case the client does not have
cookies enabled. so the application is probably reading your cfid and
cftoken from a system set cookie.
-----Original Message-----
From: Michael Omar Gatto [mailto:[EMAIL PROTECTED]]
Sent: 13 November 2000 06:51
To: Fusebox
Subject: Client Vars and App_secure
Hi, All!
I secured my application with app_secure and app_login per
the Fusebox.org examples and the e-book. However, when I
strip the CFID and CFTOKEN from the URL in the browser's
address box and type a secured page's url in without the
URLToken, the page displays! I thought CFID/CFTOKEN had to
be passed in the URL as request.urltoken for the secured
page to be loaded. Am I wrong in understanding how this
works?? Is there something wrong with my application?
Thanks,
-Mike G
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
