Let's see. Since I don't use CF_FORMURL2ATTRIBUTES (could never get it to
work) and don't use CFAPPLICATION (I use my own home-made client management
system), I think effectively I'm doing it BEFORE CF_FORMURL2ATTRIBUTES, and
CFAPPLICATION.
best, paul
At 11:33 AM 2/6/01 -0500, you wrote:
>So presumably you'd have to do this right after the call to the
>CF_FORMURL2ATTRIBUTES but before the CFAPPLICATION tag right? Otherwise the
>session would already have been found.
>
>ed
>
>-----Original Message-----
>From: paul smith [mailto:[EMAIL PROTECTED]]
>Sent: Monday, February 05, 2001 8:57 PM
>To: Fusebox
>Subject: RE: Search Engine safe urls and CFID/CFTOKEN
>
>
>I have the CFID/CFTOKEN values in the URL.
>
>But when the referrer is not from my website, I scrub those values and
>assign new ones.
>
>best, paul
>
>PS> What's "SES"
>
>At 05:33 PM 2/5/01 -0500, you wrote:
> >Consider what happens when a search engine indexes your site including the
> >CFID/CFTOKEN identifiers in the SES URL.... Depending on your structure,
> >they might all end up assuming the *same* session or client identity, or
> >throwing timeout errors, viewing other people's shopping carts... all
> >sorts of nasty stuff (theoretically, anyway).
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
