RE: Advantages of use cfid and cftoken?

Stephen Moretti Tue, 08 May 2001 03:49:21 -0700
Tony,

>
> i'm confused of all this but i think that cfid and cftoken is not
> a perfect
> way to save the user session.
>
> You tell me:
>
> "...Client variables should be used to store information gathered by the
> user eg. shopping cart content, ..."
>
> But imagine i store shopping cart content of a user into a client
> variables
> and i give the bokkmark to a friend, we will have the same shopping cart
> content.
>

CFID and CFTOKEN are just references to information held in memory or in the
client datasource.  Giving a URL with the CFID and CFTOKEN to someone else
will give them the information to retrieve that data in much the same way as
a URL with say mysite.com/index.cfm?fuseaction=dspProduct&ProductID=23 will
display the product number 23 from your database.


> I undestant the utility of cfid and cftoken but i don't undestant
> why can i
> have the cfid and cftoken of another user simply puting them into
> a url. I
> think this breaks the concept of  a continuous session for a visitor to a
> site.
> The first time an user visits the website he have a cfid and a
> cftoken, and
> i think is no necessari to pass by url to keep this.
> So if this is true, why is a good think pass by url cfid and cftoken?
> If we pass by url we have the problem of bookmarks because the bookmark
> will store the cfid and cftoken too and this will make that many users
> using the same bookmark will use the same cfid and cftoken and will have
> the same session and client variables.
>
You don't _have_ to pass the CFID and CFTOKEN on the URL, because this
information is stored in a cookie on the users computer.  However, if the
user does not have cookies enabled then the session will not be maintained,
because CF will not be able to write to/read from the cookie containing the
CFID and CFTOKEN for that session.  This why it is recommended that you
include the CFID and CFTOKEN on URLs.

There are ways that you can determine whether a user has cookies enabled or
not and then decide whether to append the CFID and CFToken to the URL.


Regards

Stephen


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Advantages of use cfid and cftoken?

Reply via email to
