Hi Chris,
>Check the help on urlSessionFormat, I think there's a switch to turn off the token append.
You mean to switch off CFID/CFTOKEN only? Otherwise, I don't see any
utility in turning of the entire token in urlSession format...
BTW, I don't believe there is a (documented) switch in
urlSess
CFID/CFTOKEN are still used to identify client variables stored in the database.
Check the help on urlSessionFormat, I think there's a switch to turn off the token append.
best,
Chris Norloff
-- Original Message --
From: Jamie Jackson <[EMAIL PROTECTED]>
R
I've got a couple questions about session.urlToken under J2EE
sessions:
When J2EE sessions are enabled, why does session.urlToken bother with
CFID/CFTOKEN anymore. The fact that both are there confuses me. I
wonder which takes precedence? Do I lose the extra security that the
uniqueness of jsessio
3 matches
Mail list logo
