>Am I supposed to pass a cfid
>or url token in each link on
>the secure portion of the site?
Yes, if you have setclientcookies="no" in your <cfapplication> tag, you have
to pass the cfid and cftoken (or request.urltoken). If you want to use
cookies, set it to "yes". But, you may want to include some code that
checks to see if cookies can be set with the client's browser.
-----Original Message-----
From: webmaster [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 14, 2000 4:08 PM
To: Fusebox
Subject: App_Secure & App_Login
I'm having trouble with the security model proposed by the fusebox
site. I feel that I'm missing some part or component of it. When a
user on my site logs in with a userid and password, they are granted
acces to the correct page. However, when they attempt to perform any
actions on the site, they are redirected back to the login page and then
back again after logging in yet again. I have my server variables set
to expire after 10 minutes and also in the application on the
request.timespan in the app_server file. Am I supposed to pass a cfid
or url token in each link on the secure portion of the site?
--
Branden deBuhr
HotMediaGroup.com
Email: [EMAIL PROTECTED]
Office: 630-724-0467
Mobile: 630-235-2889
AOL IM: BrandendeBuhr
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
