Raymond, I was reading over your Powerpoint presentation last week (ColdFusionMX Application Security), and I just remembered something I had a quick question about...
On the last page of the presentation you have the following: Extra Cookie-less Security ---------------------------- Pass encrypted key in URL Like cookie-less session Use session variable Need to pass session.urlToken Need to coordinate session/login timeout. I was just wondering what this was referring to, and if maybe you could expand a little more on it...Specifically the "Pass encrypted key in URL" part. Also the pass session.urlToken part too...what's the deal with that? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4