How do I track the CFTOKEN of a logged in user through out the whole site.
I have seen cases where the CFTOKEN is passed through as a FORM submit from page to page.
Is this a proper way to track the CFTOKEN?
Yes, that is one way to track session tokens, of which CFTOKEN is one. But I can think of a more convenient way.
Enable application and session variables in the ColdFusion Administrator. If you're using Application.cfm, apply something like
<cfapplication applicationTimeout="#createTimespan(1,0,0,0)#" sessionTimeout="#createTimespan(0,0,20,0)#" sessionManagement="yes" loginStorage="session">
If using Application.cfc, apply
Then, if you use <cflogin> and <cfloginuser> to log the user in, ColdFusion will automatically maintain the user's CFID and CFToken as the user navigates from page to page, until the user logs out or until his session expires.
Do you have session management enabled? If so, the CFToken is in the user's session and is already being tracked. The CFID and CFToken cookies are already passed on each request.
If you don't have session management enabled, why not?
Passing tokens on every request is a GINORMOUS PITA. You don't want to have to do that.