Methods to set a session token by url
I'm writing up a secu开发者_JAVA技巧rity document and it would be great if programmers in other languages than PHP could chime in on (perhaps the default) way sessions are passed by URL in their language's default session handler.
eg. PHPSESSION=token in PHP
Oh, and if yes does it also use cookies?
ColdFusion has CFID and CFTOKEN by default in cookie but possible in URL.
Aurelien isn't wrong, but you're probably better off using the built-in URLtoken session variable:
someapp.login.cfm?urltoken=#session.urltoken#
Or, perhaps better, the generic SessionID
someapp.login.cfm?SessionID=#session.SessionID#
See: Adobe ColdFusion 9 References - Standard Session Variables
精彩评论