Skip to main content
U
umuayo
Inspiring
December 11, 2011
Question

Tracking the CFTOKEN

  • December 11, 2011
  • 3 replies
  • 1716 views

Hello,

How do I track the CFTOKEN of a logged in user through out the whole site.

I have seen cases where the CFTOKEN is passed through as a FORM submit from page to page.

Is this a proper way to track the CFTOKEN?

Thanks

    This topic has been closed for replies.

    3 replies

    P
    parkerst
    Inspiring
    December 13, 2011

    I think it sounds like he wants a new session for each browser/tab etc.

    12Robots
    12Robots
    Participating Frequently
    December 13, 2011

    In my personal opinion, that is madness.

    P
    parkerst
    Inspiring
    December 13, 2011

    Agree, I've only ever seen real justification for this once, in my entire career.

    12Robots
    12Robots
    Participating Frequently
    December 11, 2011

    Do you have session management enabled?  If so, the CFToken is in the user's session and is already being tracked. The CFID and CFToken cookies are already passed on each request.

    If you don't have session management enabled, why not?

    Passing tokens on every request is a GINORMOUS PITA. You don't want to have to do that.

    Jason

    BKBK
    Community Expert
    BKBKCommunity Expert
    Community Expert
    December 11, 2011

    12Robots wrote:

    Passing tokens on every request is a GINORMOUS PITA.

    Let alone tying the tokens with authentication.

    BKBK
    Community Expert
    BKBKCommunity Expert
    Community Expert
    December 11, 2011

    Yes, that is one way to track session tokens, of which CFTOKEN is one. But I can think of a more convenient way.

    Enable application and session variables in the ColdFusion Administrator. If you're using Application.cfm, apply something like

    <cfapplication applicationTimeout="#createTimespan(1,0,0,0)#" sessionTimeout="#createTimespan(0,0,20,0)#" sessionManagement="yes" loginStorage="session">

    If using Application.cfc, apply

    <cfset this.applicationTimeout="#createTimespan(1,0,0,0)#">

    <cfset this.sessionTimeout="#createTimespan(0,0,20,0)#">

    <cfset this.sessionManagement="yes">

    <cfset this.loginStorage="session">

    Then, if you use <cflogin> and <cfloginuser> to log the user in, ColdFusion will automatically maintain the user's CFID and CFToken as the user navigates from page to page, until the user logs out or until his session expires.

    U
    umuayoAuthor
    Inspiring
    December 11, 2011

    The Site is not using a <cflogin> and <cfloginuser>.

    BKBK
    Community Expert
    BKBKCommunity Expert
    Community Expert
    December 11, 2011

    How then does the site log the user in?

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices