
Tracking the CFTOKEN

Contributor, Dec 11, 2011

Hello,

How do I track the CFTOKEN of a logged-in user throughout the whole site?

I have seen cases where the CFTOKEN is passed through as a FORM submit from page to page.

Is this a proper way to track the CFTOKEN?

Thanks

Community Expert, Dec 11, 2011

Yes, that is one way to track session tokens, of which CFTOKEN is one. But I can think of a more convenient way.

Enable application and session variables in the ColdFusion Administrator. If you're using Application.cfm, apply something like

<cfapplication applicationTimeout="#createTimespan(1,0,0,0)#" sessionTimeout="#createTimespan(0,0,20,0)#" sessionManagement="yes" loginStorage="session">

If using Application.cfc, apply

<cfset this.applicationTimeout="#createTimespan(1,0,0,0)#">
<cfset this.sessionTimeout="#createTimespan(0,0,20,0)#">
<cfset this.sessionManagement="yes">
<cfset this.loginStorage="session">

Then, if you use <cflogin> and <cfloginuser> to log the user in, ColdFusion will automatically maintain the user's CFID and CFToken as the user navigates from page to page, until the user logs out or until his session expires.

Contributor, Dec 11, 2011

The site is not using <cflogin> and <cfloginuser>.

Community Expert, Dec 11, 2011

How then does the site log the user in?

Advocate, Dec 11, 2011

Do you have session management enabled?  If so, the CFToken is in the user's session and is already being tracked. The CFID and CFToken cookies are already passed on each request.

If you don't have session management enabled, why not?

Passing tokens on every request is a GINORMOUS PITA. You don't want to have to do that.

Jason
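
An added example, not part of the original thread and not the site's own code: an Application.cfc that relies on the CFID/CFTOKEN cookies to find the session and gates pages on a flag stored in the session scope, so no token travels in a form or URL. The application name, the `session.loggedIn` flag (assumed to be set by the site's own login page after it verifies credentials), and the `/login.cfm` and `/logout.cfm` paths are assumptions.

```cfml
<!--- Application.cfc: added example, not code from this thread --->
<cfcomponent output="false">
    <cfset this.name = "exampleApp"> <!--- assumed application name --->
    <cfset this.applicationTimeout = createTimeSpan(1,0,0,0)>
    <cfset this.sessionTimeout = createTimeSpan(0,0,20,0)>
    <cfset this.sessionManagement = true>
    <!--- ColdFusion sets the CFID/CFTOKEN cookies; the browser returns them on each request --->
    <cfset this.setClientCookies = true>

    <cffunction name="onSessionStart" returnType="void" output="false">
        <!--- A new session is unauthenticated until the login page says otherwise --->
        <cfset session.loggedIn = false>
    </cffunction>

    <cffunction name="onRequestStart" returnType="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <!--- Hypothetical pages that must stay reachable without a login --->
        <cfset var publicPages = "/login.cfm,/logout.cfm">

        <cfif listFindNoCase(publicPages, arguments.targetPage)>
            <cfreturn true>
        </cfif>

        <!--- The session scope was located from the cookies; no form field is needed --->
        <cfif not structKeyExists(session, "loggedIn") or not session.loggedIn>
            <!--- addToken="false" keeps CFID/CFTOKEN out of the redirect URL --->
            <cflocation url="/login.cfm" addToken="false">
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```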

Community Expert, Dec 11, 2011

12Robots wrote:

Passing tokens on every request is a GINORMOUS PITA.

Let alone tying the tokens with authentication.

Explorer, Dec 12, 2011

I think it sounds like he wants a new session for each browser/tab etc.

Advocate, Dec 12, 2011

In my personal opinion, that is madness.

Explorer, Dec 12, 2011

Agree, I've only ever seen real justification for this once, in my entire career.
