Hi Guys, I am having a problem with one of my session applications.
Basically, I am cutting out the cookie that is planted by cfapplication, in lieu of the IE6 Third-Party cookie denial by default. (My code is generating a part of a website for another domain.) MY APPLICATION.CFM does the following: <cfapplication name="theAPP" clientmanagement="Yes" sessionmanagement="Yes" setclientcookies="No" sessiontimeout="#CreateTimeSpan(0,0,20,0)#" applicationtimeout="#CreateTimeSpan(1,0,20,0)#"> <cflock timeout="30" throwontimeout="Yes" name="SessionLock"> <cfparam name="Session.autotoken" default="? CFID=#session.cfid#&CFTOKEN=#session.cftoken#"> <cfparam name="Session.XXautotoken" default="&CFID=#session.cfid#&CFTOKEN=#session.cftoken#"> </cflock> SO, at this point, the CFID and CFTOKEN should be stored in session.autotoken and session.XXautotoken respectively, correct? (I am referencing http://www.cfhub.com/adavanced/managing_state/cookies.cfm) Now, when the application goes into the main menu after logging in to the system and creating the session, I have it generate a link with the #XXAutoToken# embedded. When I go to browse it on the browser, do a View Source, it shows the CFID as being incremented by 1 (+1). Meaning, if my CFID in my Address bar in my browser is 28303, the one embedded in the page it self is 28304. Also, obviously, it changes the CFTOKEN. To me, it seems to be regenerating the CFID / CFTOKEN somehow. I am sure someone has seen this already, thoughts / comments would be appreciated. Thanks in Advance, Jas FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists