[thelist] Javascript: url variable to form text field

rudy r937 at interlog.com
Thu Mar 13 09:01:52 CST 2003


>
<http://evolt.jeffhowden.com/jeff/code/js_url_variables/index.cfm?foo=bar&fa
r=boo&cfid=1235908&cftoken=14598715>
>
> Watch the wrap.

tom, watch the session variables

dunno about jeff's site, but in general

in fact, here's a tip

<tip type="protect your identity on the internet">
  when giving out URLs for pages to which you have navigated, be vigilant,
strip out anything that looks like a session variable
  for example, don't give out CFID and CFTOKEN values, which identify your
session on a coldfusion site
  if the site requires login authentication, and if the session is still
active, and somebody else clicks through using your session variables, they
could hijack your session, reset your password, order stuff on your credit
card to ship elsewhere, et cetera
  the identity you lose could be your own
</tip>

rudy



More information about the thelist mailing list