CF checks to see if it exists before creating them. - Steve
-Original Message-
From: Bud [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 27, 2000 3:29 PM
To: [EMAIL PROTECTED]
Subject: How are CFID and CFTOKEN generated
I've asked this before, but have never gotten a decent answer.
The CFID is a number incremented by one each time a new one is needed. How
does CF know a new one is needed? Because Client or Session management is
turned on in the CFAPPLICATION tag, and CF didn't get one as a cookie, URL
or Form var when the page was called.
Really, a CFID should be all
On 8/27/00, Cameron Childress penned:
The CFID is a number incremented by one each time a new one is needed. How
does CF know a new one is needed? Because Client or Session management is
turned on in the CFAPPLICATION tag, and CF didn't get one as a cookie, URL
or Form var when the page was
Really, a CFID should be all that is required to identify a session.
Unfortunately, that would make for a very insecure app because
user's could
easily "guess" another session's CFID and hijack the session.
Therefore, a
CFTOKEN is used to make the CFID harder to guess. The CFTOKEN is
a
4 matches
Mail list logo
