Doesn't act_logout.cfm from the fusebox site code cover this somewhat?
<cfset newstring=rereplacenocase(newstring,"[&?]cfid=[0-9]*","","all")>
<cfset newstring=rereplacenocase(newstring,"[&?]cftoken=[0-9]*","","all")>
I'm still learning but it looks to me it just chugs through everything
and either sets it to "", or deletes it:
<cfset temp=DeleteClientVariable("returnfuseaction")>
This of course assumes someone hits a 'logout' button of course...
jim
On Saturday, December 02, 2000, 3:43:49 PM, Nat wrote:
NP> If, any time until the session/client data is purged from the CF system
NP> (using purge client vars or session timeout values) another browser anywhere
NP> in the world uses the same CFID/CFToken combo on a URL, they get that
NP> session. I think you know this, but I just wanna be clear.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
