[thesite] Back to the Drawing board for UEUE?
Rory.Plaire at wahchang.com
Rory.Plaire at wahchang.com
Fri Nov 16 15:43:50 CST 2001
| sounds like a client-side redirect to me.
| So, how is the browser not going to send the cookie headers
| on the second
| request? As you say, there is no writing to the cookie itself before
| redirection.
Ok. It looks like a 302 to me, too. But, since HTTP 1.1 doesn't specify
whether or which headers should be resent
(http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.3) it seems
like the way CF treats this is ambiguous, or... I just don't see the
pattern. For instance, I don't get my cookie construct repopulated _after_ a
cflocation. I was hoping to leverage this, but it looks too soft.
More and more, it looks like the only way to close this hole is to do
content checking on the webserver... before it hits CF.
<r/>
More information about the thesite
mailing list