That's CF's, and most products', method of tracking sessions, i.e. tokens as
cookies. It's all in the docs.

Steve

-----Original Message-----
From: Scott M. Berry [mailto:[EMAIL PROTECTED]]
Sent: Saturday, November 18, 2000 2:34 PM
To: CF-Talk
Subject: Security


Hello,

One of my friends and coworkers posted here about how to secure a web app. He
suggested storing part of the tickcount in a database and as a cookie, and
then verifying that the cookie exists and that the numbers are the same.

I was wondering if there was a way to store a cookie that is some sort of
session ID that CF assigns to each session, so all that would have to be
done is a compare between the cookie and the session id.

Any ideas?

Scott M. Berry :-: [Staff Developer]
annex.com, Inc. - http://www.annex.com/


----- Original Message -----
From: "Jim McAtee" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Saturday, November 18, 2000 11:13 AM
Subject: Re: HTTP Referrer


> Rather than trying to use http_referer in your login page, try the following.
> Depends a little on how you have your security system set up.  If you're
> including at the top of every secured page a template/code snippet to detect if
> someone is currently logged in, have that bit of code note 'cgi.script_name',
> which is the requested template.  When that code redirects to the login page,
> pass the template name to the login page and then pass it along as a hidden
> field.  If your security scheme has different levels of access be sure to have
> it also verify that the user is permitted to access the page in question at the
> same time as you verify the username and password.
>
> Jim
>
>
> -----Original Message-----
> From: W Luke <[EMAIL PROTECTED]>
> To: CF-Talk <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Saturday, November 18, 2000 10:59 AM
> Subject: Re: HTTP Referrer
>
>
> >
> >> Relying on the referer to take a user back after logging in is Not A Good
> >> Idea(tm). Microsoft's IIS does not send the http_referer when not in a
> >> secure section of a site (e.g. https://) Here is the Microsoft article that
> >> tells of their reasoning...
> >>
> >> http://support.microsoft.com/support/kb/articles/Q178/0/66.ASP
> >>
> >
> >Thanks for the link.  I'm running O'Reilly WebSite Pro, and have been
> >testing this for the past few hours with IE, and it does seem to work very
> >well.
> >
> >> One /excellent/ way around this is to use the Fusebox custom
> >> tag  CF_ReturnFuseAction by Steve Nelson. You don't even need to use any
> >> other part of Fusebox. It works like a charm in both IE and Netscape. You
> >> can find the tag on the Fusebox site (www.fusebox.org) or in Allaire's Dev
> >> Exchange
> >>
> >> (http://devex.allaire.com/developer/gallery/info.cfm?ID=CA3477C0-2830-11D4-AA9700508B94F380&method=Full
> >> ) <--watch the word-wrapping
> >
> >Fusebox - that name continues to crop up!  I'll take a look.
> >
> >Thanks,
> >
> >Will
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Structure your ColdFusion code with Fusebox. Get the official book at
> http://www.fusionauthority.com/bkinfo.cfm
>
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
>
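
The check Jim describes in the quoted message, as an added example that is not part of the thread: the template name comes back from the login form in a hidden field, so it is client-controlled and has to be validated and permission-checked when the credentials are verified. Python stands in for the ColdFusion login template here; the access table, level numbers and function names are hypothetical.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Hypothetical access table: template path -> minimum access level required.
# Constructed sample data; a real application would load this from its own store.
TEMPLATE_LEVELS = {
    "/index.cfm": 0,
    "/reports/sales.cfm": 1,
    "/admin/users.cfm": 2,
}
DEFAULT_TARGET = "/index.cfm"


def normalize_target(raw):
    """Return the hidden-field value as a known local template path, or None."""
    # The field should hold only what cgi.script_name produced: a rooted local
    # path. Absolute URLs, scheme-relative "//host" values and relative paths
    # are rejected before any parsing.
    if not raw or not raw.startswith("/") or raw.startswith("//"):
        return None
    # Backslashes and control characters have no place in a script name.
    if "\\" in raw or any(ord(c) < 0x20 for c in raw):
        return None
    # Drop any query string, decode percent-escapes, collapse "." and "..".
    path = posixpath.normpath(unquote(urlsplit(raw).path))
    # Allowlist: only templates the application knows about are valid targets.
    return path if path in TEMPLATE_LEVELS else None


def post_login_target(raw_target, user_level):
    """Decide where to send a user whose username and password just verified."""
    path = normalize_target(raw_target)
    if path is None:
        return DEFAULT_TARGET   # tampered or unknown value: ignore it
    if user_level < TEMPLATE_LEVELS[path]:
        return DEFAULT_TARGET   # authenticated, but not permitted on that page
    return path


if __name__ == "__main__":
    for value, level in [("/reports/sales.cfm", 1), ("/admin/users.cfm", 1),
                         ("//evil.example/admin/users.cfm", 2)]:
        print(repr(value), level, "->", post_login_target(value, level))
```
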

