Well, I use a home-made version of CFID/CFTOKEN. That is, I generate them 
myself rather than relying on CFAS to do it. Next I use a modified fusebox 
style of passing variable name/value pairs. So a typical URL might look like:

http://www.smarteryellowpages.com/SC/SCL/index.cfm/IN.256/CD.3142521/CN.38399997/ST.51/HD.2866000.htm

where the variables CD, CN correspond to CFID, CFTOKEN, respectively.

If the URL did not come from www.smarteryellowpages.com, I strip out the 
256, 3142521, and 3839997 as follows:

<!--- Strip IN/CFI/CFT from offsite referrals --->
<CFSET CGI_SCRIPT_NAME = CGI.SCRIPT_NAME>
<CFIF NOT FINDNOCASE("http://www.smarteryellowpages.com",CGI.HTTP_REFERER)>
    <CFIF LISTCONTAINSNOCASE(CGI_SCRIPT_NAME,"CD.","/")>
        <CFSET CGI_SCRIPT_NAME = LISTDELETEAT(CGI_SCRIPT_NAME, LISTCONTAINSNOCASE(CGI_SCRIPT_NAME,"CD.","/"),"/")>
    </CFIF>
    <CFIF LISTCONTAINSNOCASE(CGI_SCRIPT_NAME,"CN.","/")>
        <CFSET CGI_SCRIPT_NAME = LISTDELETEAT(CGI_SCRIPT_NAME, LISTCONTAINSNOCASE(CGI_SCRIPT_NAME,"CN.","/"),"/")>
    </CFIF>
    <CFIF LISTCONTAINSNOCASE(CGI_SCRIPT_NAME,"IN.","/")>
        <CFSET CGI_SCRIPT_NAME = LISTDELETEAT(CGI_SCRIPT_NAME, LISTCONTAINSNOCASE(CGI_SCRIPT_NAME,"IN.","/"),"/")>
    </CFIF>
</CFIF>

best, paul



At 03:03 PM 2/6/01 +0000, you wrote:
>What method do you use to scrub the cfid and cftoken and assign new values?
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent: 06 February 2001 01:57
>To: Fusebox
>Subject: RE: Search Engine safe urls and CFID/CFTOKEN
>
>
>I have the CFID/CFTOKEN values in the URL.
>
>But when the referrer is not from my website, I scrub those values and
>assign new ones.
>
>best,  paul
>
>PS> What's "SES"?
>
>At 05:33 PM 2/5/01 -0500, you wrote:
> >Consider what happens when a search engine indexes your site including the
> >CFID/CFTOKEN identifiers in the SES URL.... Depending on your structure,
> >they might all end up assuming the *same* session or client identity, or
> >throwing timeout errors, viewing other people's shopping carts... all
> >sorts of nasty stuff (theoretically, anyway).
>
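
Added example, not part of the original post or of anyone's code on the list: the same offsite scrub written so that the Referer must begin with the site's own host, and so that each path segment is matched on its whole key rather than on a substring. The variable names (Referer, ScriptName, ScrubKeys, OnSite, IsIdPair, CleanPath) and the sample Referer are made up for illustration; the path is the URL from the post.

```cfml
<!--- Added example. Constructed sample input: on a live page read
      CGI.HTTP_REFERER and CGI.SCRIPT_NAME instead of these two values.
      The Referer is a search-results URL whose query string happens to
      contain our address, so a "found anywhere" test would call it on-site. --->
<CFSET Referer = "http://search.example/?q=http://www.smarteryellowpages.com">
<CFSET ScriptName = "/SC/SCL/index.cfm/IN.256/CD.3142521/CN.38399997/ST.51/HD.2866000.htm">

<!--- Keys whose segments carry per-visitor identifiers (IN, CD, CN in the post). --->
<CFSET ScrubKeys = "IN,CD,CN">

<!--- On-site only when the Referer starts with our scheme and host, an
      optional port, and then "/". An empty Referer is treated as offsite. --->
<CFSET OnSite = (REFindNoCase("^http://www\.smarteryellowpages\.com(:[0-9]+)?/", Referer) EQ 1)>

<!--- Rebuild the path segment by segment. Every matching segment is dropped,
      not just the first occurrence of each key. --->
<CFSET CleanPath = "">
<CFLOOP LIST="#ScriptName#" INDEX="Segment" DELIMITERS="/">
    <!--- A segment is an identifier pair when it has a "." and the text before
          the first "." is exactly one of the keys. "admin.cfm" contains "in."
          but its key is "admin", so it is kept. --->
    <CFSET IsIdPair = (ListLen(Segment, ".") GTE 2) AND (ListFindNoCase(ScrubKeys, ListFirst(Segment, ".")) GT 0)>
    <CFIF OnSite OR NOT IsIdPair>
        <CFSET CleanPath = ListAppend(CleanPath, Segment, "/")>
    </CFIF>
</CFLOOP>
<!--- List functions discard the leading delimiter, so put it back. --->
<CFSET CleanPath = "/" & CleanPath>

<CFOUTPUT>#CleanPath#</CFOUTPUT>
```

Once the identifiers are gone, new values still have to be assigned, as in the earlier message; that step is not shown here.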