Encrypt urltokens/session indentifiers
Status: Beta
Brought to you by:
cyberswat
Menu
▾
▴
Logged In: YES
user_id=287869
How does FormURL2Attributes do it, why not steal it off of
that?
Logged In: YES
user_id=306083
FormURL2Attributes doesn't really do anything more than
pass the cfid/token into the attributes scope. I've been
playing with this and have had a heck of a time with it.
Best I can determine is that the cfid/token get processed
somewhere before the Application.cfm ... which means that
simply decoding and then copying into the appropriate areas
doesn't work.
What I have been able to do to get it to work is set
session specific cookies that get deleted after the browser
is closed ... they reside in memory so they aren't
writeable by the end user. I had to modify the
act_Decode.cfm file to set these cookies each time the cfid
and cftoken comes out of the decode process.
I'm trying to find more info on how the backend of
cfid/token work so that I can do it strictly through urls.
Any thoughts/Suggestions anyone?
Logged In: YES
user_id=287869
Why don't you add everything to the attributes scope then?
I kind of like everything going to the attributes scope.
Maybe that is what the problem is. Maybe we should contact
the guy who made formurl so we can figure out what he did.
Logged In: YES
user_id=287869
This may be the answer, looks like the url friendly url
sets cfid and cftoken to a url variable
<cfswitch expression="#urlname#">
(caller.attributes,"#urlname#","")>
(caller.attributes,"#urlname#","#urlvalue#")>
(request.attributeslist,urlname,"&")>
(request.attributeslist,urlencodedformat(evaluate
("caller.attributes.#urlname#")),"=")>