I've got a couple questions about session.urlToken under J2EE
sessions:

When J2EE sessions are enabled, why does session.urlToken bother with
CFID/CFTOKEN anymore? The fact that both are there confuses me. I
wonder which takes precedence? Do I lose the extra security that the
uniqueness of jsessionID affords (i.e. can someone still hack the
CFID/CFTOKEN and hijack a session)?

Also, I'm using urlSessionFormat, and am getting the urltoken
appended, even with cookies turned on. Any suggestions as to how to
troubleshoot this?

Thanks,
Jamie