Peter,

Take a look at cf_SessionMonger. It can't be shared via links, even with cookies turned off. Downside: you'll have to pass its value via a URL, although I'm playing around with something at a new site that moves the var into a session variable and carries it around (for a pre-existing site where I'm dropping a module into the middle of it).

http://devex.macromedia.com/developer/gallery/info.cfm?ID=CA347818-2830-11D4-AA9700508B94F380&method=Full

--Matt Robertson--
MSB Designs, Inc.
http://mysecretbase.com

-----Original Message-----
From: Peter Tilbrook [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 31, 2002 7:47 PM
To: CF-Talk
Subject: Hijacking of CFID/CFTOKEN variables. Help please :)

Hi there!

I'm having problems with a "fusebox" application that requires unique identification for each client connected. At the moment it appears that users are able to bookmark the application's full URL including the CFID and CFTOKEN - essentially hijacking the settings assigned to a previous client. Not good.

To prevent this occurring what would be the best solution? I've considered this:

1. Embedding the main content of the site in a frame that would prevent a user from bookmarking the site with the CFID/CFTOKEN variables embedded. This would force CF to either identify a revisiting client or assign a new CFID/CFTOKEN value. This would also prevent a user from "changing" the CFID/CFTOKEN values.

2. Somehow dumping the CFID/CFTOKEN and assigning a new one if it already exists. The values are being stored in a datasource.

Any other ideas? I need to sort this out by Monday at the earliest.

Thanks in advance!

Regards,
Peter Tilbrook ([EMAIL PROTECTED])
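
Added example, not part of the original thread and not ColdFusion or cf_SessionMonger code: a generic sketch of the second idea in the question, where an identifier arriving in a URL resumes a session only if a cookie carries the secret issued with it, and stale identifiers idle out. The `SessionStore` class, its method names and `IDLE_TIMEOUT` are hypothetical, and it assumes the client accepts cookies.

```python
import hmac
import secrets
import time

IDLE_TIMEOUT = 20 * 60  # seconds; assumed value for illustration


class SessionStore:
    """In-memory stand-in for the datasource holding per-client state."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # session id -> {"binding", "seen", "data"}

    def _issue(self):
        sid = secrets.token_urlsafe(16)      # travels in the URL
        binding = secrets.token_urlsafe(32)  # travels only in a cookie
        self._sessions[sid] = {"binding": binding, "seen": self._clock(), "data": {}}
        return sid, binding

    def resolve(self, url_sid, cookie_binding):
        """Return (sid, binding, resumed) for one incoming request.

        A session is resumed only when the URL id exists, has not idled out,
        and the cookie carries the secret issued with it. A bookmarked or
        forwarded URL has the id but not the secret, so it gets a new session.
        """
        rec = self._sessions.get(url_sid or "")
        if rec is not None and self._clock() - rec["seen"] > IDLE_TIMEOUT:
            del self._sessions[url_sid]  # stale bookmark: drop the old state
            rec = None
        if rec is not None and cookie_binding and hmac.compare_digest(
            rec["binding"].encode(), cookie_binding.encode()
        ):
            rec["seen"] = self._clock()
            return url_sid, cookie_binding, True
        return (*self._issue(), False)

    def data(self, sid):
        """Per-session state, keyed by the server-issued id."""
        return self._sessions[sid]["data"]
```

A mismatched request leaves the original session untouched, so the legitimate client is not logged out when someone else opens the shared link.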