Thanks for the tip Max, I will look into this way of creating CFID/CFTOKEN
strings. It had actually occurred to me that having the CFID/CFTOKEN combos
in search engine results might not be all that great but I knew that I could
always do something like check the referrer and ignore the session stuff if
they weren't from my site. I haven't actually gotten around to implementing
this yet because the site is still in beta.
ed
-----Original Message-----
From: Max Paperno [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 05, 2001 5:33 PM
To: Fusebox
Subject: RE: Search Engine safe urls and CFID/CFTOKEN
Ed, yea, I figured that much. My question really should have been: Why not
just keep the CFID/CFTOKEN in the URL query string? Perhaps the non-obvious
part of this is that you can still have a standard query string attached to
a SES URL. Or at least it works with WebSite and Apache, not sure about
IIS.
Consider what happens when a search engine indexes your site including the
CFID/CFTOKEN identifiers in the SES URL.... Depending on your structure,
they might all end up assuming the *same* session or client identity, or
throwing timeout errors, viewing other people's shopping carts... all sorts
of nasty stuff (theoretically, anyway).
Cheers,
-Max
At 2/5/2001 11:55 AM -0500, you wrote:
>Max,
>
>I don't necessarily want cfid/cftoken to be indexed by search engines.
>However if I do want any kind of cookie-less session management on the site
>then I MUST have cfid/cftoken combos on every form submit and url on the
>site otherwise when a user clicks on a link or submits a form that doesn't
>have the CFID/CFTOKEN combo in it we can't find their session. Or worse a
>new CFID/CFTOKEN combo is assigned to them and I just lost their session
>information. If you have cookies enabled it's no big deal. But a lot of
>people are paranoid and I have to accommodate their needs which means sending
>CFID/CFTOKEN on EVERY single url and form submit on the page.
>
>ed
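
The referrer check Ed mentions at the top of the thread, sketched as an added example (not code from either poster, and written in Python rather than ColdFusion so it runs stand-alone). The host names, function names and sample identifiers are assumptions constructed for illustration. Because the Referer header is client-supplied and often absent, this filters stale links picked up by a search engine; it does not authenticate the visitor.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the host names the site is served under.
SITE_HOSTS = {"www.example.com", "example.com"}
SESSION_KEYS = ("cfid", "cftoken")

def url_session_ids(request_url):
    """Return (cfid, cftoken) from the query string, or None if either is missing."""
    query = parse_qs(urlsplit(request_url).query)  # blank values are dropped
    lowered = {key.lower(): values[0] for key, values in query.items()}
    if all(key in lowered for key in SESSION_KEYS):
        return lowered["cfid"], lowered["cftoken"]
    return None

def referrer_is_internal(referer):
    """True only when the Referer header names one of our own hosts exactly."""
    if not referer:
        return False  # typed URL, bookmark, crawler, or header stripped by a proxy
    host = urlsplit(referer).hostname
    return host is not None and host.lower() in SITE_HOSTS

def resolve_session(request_url, referer, live_sessions):
    """Decide which session a cookieless request gets.

    live_sessions is the set of (cfid, cftoken) pairs the server currently holds.
    Returns ("resume", ids) when the URL identifiers are honoured, otherwise
    ("new", None), meaning the caller issues a fresh CFID/CFTOKEN pair.
    """
    ids = url_session_ids(request_url)
    if ids is None or ids not in live_sessions:
        return ("new", None)   # nothing to resume, or the session has expired
    if not referrer_is_internal(referer):
        return ("new", None)   # link followed from off-site: ignore the URL ids
    return ("resume", ids)

if __name__ == "__main__":
    # Constructed sample data: one live session and an SES URL carrying its ids.
    live = {("1234", "56789012")}
    url = ("http://www.example.com/index.cfm/fuseaction/cart.view"
           "?CFID=1234&CFTOKEN=56789012")
    for ref in ("http://www.example.com/index.cfm",
                "http://search.example.net/results?q=cart",
                None):
        print(ref, "->", resolve_session(url, ref, live))
```

The trade-off is the one raised in the thread: a cookieless visitor whose browser sends no referrer is given a new session instead of the one named in the URL.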