Yes or no. :)
The idea of passing the cfid in each link and form is that you wouldn't
need cookies. If your application can use cookies, then you don't need
to pass them in the URL.
Steve
webmaster wrote:
>
> I'm having trouble with the security model proposed by the fusebox
> site. I feel that I'm missing some part or component of it. When a
> user on my site logs in with a userid and password, they are granted
> acces to the correct page. However, when they attempt to perform any
> actions on the site, they are redirected back to the login page and then
> back again after logging in yet again. I have my server variables set
> to expire after 10 minutes and also in the application on the
> request.timespan in the app_server file. Am I supposed to pass a cfid
> or url token in each link on the secure portion of the site?
>
> --
> Branden deBuhr
> HotMediaGroup.com
> Email: [EMAIL PROTECTED]
> Office: 630-724-0467
> Mobile: 630-235-2889
> AOL IM: BrandendeBuhr
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
