[thelist] CFToken, Cookies & Client Management

rudy limeback r937 at interlog.com
Wed May 10 19:56:45 2000


> You can't not have your cookie and eat it too.

hi matthew

hey, neat tag line


> However, presumably the ID and Token won't work
> after the session times out. Is that correct?

i'm pretty sure, yes

having cfid and cftoken in the url means they can be intercepted,
theoretically

so somebody is either listening to *you* specifically, or else they have to
(1) accidentally find your cfid and cftoken and (2) masquerade as you while
your session is still active

i should like to think that, statistically speaking, it just ain't gonna
happen

nobody is going to "stumble" upon a cfid and cftoken in an http request and
act on it maliciously while the session is still active -- unless they are
actively listening to *your* internet traffic

if that's the case, you're s.o.l. anyway, no matter which cookie-less site
you happen to be visiting...

_____________
rudy limeback
http://r937.com/
http://evolt.org/
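The replay window the message above describes, worked through as an added example (this is not code from the original post, from ColdFusion, or from evolt.org): a toy client-management store keyed by CFID/CFTOKEN, a URL that carries the pair, a replay of that URL while the session is still active, and the same replay after the idle timeout. The store, the 20-minute timeout, the hex token format, the sample URL and the user name are all assumptions made for the illustration; real ColdFusion issued numeric tokens and its own timeout defaults.

```python
"""
Added example, not part of the original mailing-list post.

Models the point made in the thread: CFID/CFTOKEN in the URL identify the
session, so anyone who captures that URL can act as the user until the
session times out, after which the pair no longer works.
"""
import secrets
from urllib.parse import parse_qs, urlparse

SESSION_TIMEOUT = 20 * 60  # assumed idle timeout in seconds (not CF's real default)


class ClientStore:
    """Toy server-side session table keyed by CFID (assumption: in-memory dict)."""

    def __init__(self, timeout=SESSION_TIMEOUT):
        self.timeout = timeout
        self._sessions = {}  # cfid -> {"cftoken": str, "last_seen": float, "user": str}
        self._next_cfid = 1000

    def create(self, user, now):
        """Start a session for `user` at time `now`; returns (cfid, cftoken)."""
        cfid = str(self._next_cfid)
        self._next_cfid += 1
        cftoken = secrets.token_hex(8)  # hex token is an assumption; CF used digits
        self._sessions[cfid] = {"cftoken": cftoken, "last_seen": now, "user": user}
        return cfid, cftoken

    def lookup(self, cfid, cftoken, now):
        """Return the session's user if the pair is valid and not idle-expired, else None."""
        sess = self._sessions.get(cfid)
        if sess is None or cftoken is None:
            return None
        if not secrets.compare_digest(sess["cftoken"], cftoken):
            return None  # right CFID, wrong CFTOKEN: rejected
        if now - sess["last_seen"] > self.timeout:
            del self._sessions[cfid]  # session timed out; pair is now useless
            return None
        sess["last_seen"] = now  # activity keeps the session alive
        return sess["user"]


def ids_from_url(url):
    """Pull CFID/CFTOKEN out of a cookie-less URL (the case the thread discusses)."""
    query = parse_qs(urlparse(url).query)
    return query.get("CFID", [None])[0], query.get("CFTOKEN", [None])[0]


def replay_scenario():
    """Return (owner, replay_while_active, replay_after_timeout, guessed_token)."""
    store = ClientStore()
    t0 = 1_000.0  # constructed clock value; seconds
    cfid, cftoken = store.create("matthew", t0)
    # constructed sample URL of the kind a cookie-less site would emit
    url = f"http://example.com/account.cfm?CFID={cfid}&CFTOKEN={cftoken}"

    owner = store.lookup(*ids_from_url(url), now=t0 + 60)          # legitimate request
    replayed = store.lookup(*ids_from_url(url), now=t0 + 120)      # captured URL, session live
    guessed = store.lookup(cfid, "0000000000000000", now=t0 + 130)  # wrong CFTOKEN
    expired = store.lookup(*ids_from_url(url), now=t0 + 120 + SESSION_TIMEOUT + 1)
    return owner, replayed, expired, guessed


if __name__ == "__main__":
    print(replay_scenario())  # ('matthew', 'matthew', None, None)
```

The third and fourth results are the two halves of the message's argument: a replayed pair is rejected once the idle timeout has passed, and a pair with the wrong CFTOKEN is rejected outright, so an attacker needs the real pair and needs to use it while the session is still live.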