Dan,
Greetings, my name is Jeff Joy. I had written you and the rest of this users group on Friday. I hope that I've caught you at an auspicious time. Listen, long story short, I have some contract to hire opportunities open for some Coldfusion developers- two as a matter of fact. Would you or anyone you know of be interested in discussing the opportunities? If you know of anyone that we use, I can afford to give you a modest referral fee. Please let me know what your thoughts are when you get a chance.
Professional Regards,
Jeff Joy
469-733-7851
Aquent Technologies
-----Original Message-----
From: Dan Blackman [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 17, 2005 9:27 AM
To: [email protected]
Subject: RE: jsessionid
Tom,
The JsessionId lives in the Session scope. If you want to pass it just
set a URL var = session.jsessionId or if you want both I believe it's
session.urltoken. That is if you have Jession 's selected in the Admin
as your session var of choice.
Dan
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Behalf Of Schreck, Tom
Sent: Monday, January 17, 2005 7:37 AM
To: [email protected]
Subject: RE: jsessionid
Is jsessionid passed when addtoken="yes" attribute/value is added to
cflocation? Are there other ways jsessionid can be passed?
Thanks
Tom Schreck
972-361-9943
-----Original Message-----
From: Daniel Elmore [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 14, 2005 3:59 PM
To: [email protected]
Subject: RE: jsessionid
The jsessionid will function just like the cfid and cftoken values do.
It
identities the session and if it's in the url its a security hole. It
would
work the same way if you copied someone's cookie onto your computer and
if
the session was still activate it would grant you access.
The fix: never pass these IDs in the URL. It can be dangerous also when
the
user exits the site and that ID is stored in someone else's server logs
as a
referral url.
Daniel
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of
Schreck, Tom
Sent: Friday, January 14, 2005 3:49 PM
To: [email protected]
Subject: jsessionid
A user forwarded me a link which had a jsessionid in the url. I clicked
on
the link and was logged in as that user. What causes this and how do I
fix
it?
Thanks
Tom Schreck
Applications Developer
Dresser, Inc.
15455 Dallas Parkway, Suite 1100
Addison, TX 75001-4690
972-361-9943
[EMAIL PROTECTED]
----------------------------------------------------------
To post, send email to [email protected]
To unsubscribe:
http://www.dfwcfug.org/form_MemberUnsubscribe.cfm
To subscribe:
http://www.dfwcfug.org/form_MemberRegistration.cfm
----------------------------------------------------------
To post, send email to [email protected]
To unsubscribe:
http://www.dfwcfug.org/form_MemberUnsubscribe.cfm
To subscribe:
http://www.dfwcfug.org/form_MemberRegistration.cfm
----------------------------------------------------------
To post, send email to [email protected]
To unsubscribe:
http://www.dfwcfug.org/form_MemberUnsubscribe.cfm
To subscribe:
http://www.dfwcfug.org/form_MemberRegistration.cfm
