Session variables are nice, just remember that once you go to multiple
servers to scale, you may have issues unless you use "stick
servers/sessions" because as the user hops servers, the variables may/not be
on the machine they hop to.
--Doug
-----Original Message-----
From: Mark Warrick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 20, 2000 3:06 PM
To: [EMAIL PROTECTED]
Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]
Just to reiterate - you should never pass variables that identify a certain
user through forms or URLs. If you do, you leave your system open for other
people to copy those params and screw with other's peoples records.
Use session variables. You can store the session variables in the registry
or in a database if you're worried about people not having cookies turned
on, but I really wouldn't worry about the cookie-fearing types and the
browsers that don't accept cookies. (God, do those browsers still exist?)
---mark
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
