You should also consider that passing the session token in the URL opens
you up to certain XSS vulnerabilities such as the one Yahoo Mail
encountered about a month ago:

http://thenextweb.com/insider/2013/01/07/yahoo-mail-users-hit-by-widespread-hacking-xss-exploit-seemingly-to-blame/

In my opinion, passing the token in the URL adds risk and should be done
with great care.

-Cameron

On Fri, Feb 8, 2013 at 5:09 PM, Deborah Yoder <dyo...@fes.follett.com> wrote:
>
> Our web site currently requires cookies.  However, a large business
> opportunity has been presented to us, provided we stop requiring the use of
> cookies.  Obviously, management would like to be able to take advantage of
> this opportunity.  We currently have thousands of CF and JavaScript HREFS,
> many forms, etc.
>
> Was wondering if anybody knows of a feasible way to automate updates to
> the code in order to insert the needed URLSESSIONFORMAT code.
>

