views:

291

answers:

5

Is there any good reason why the default for this tag would be yes? It seems to be that it should almost always be no. I am missing something?

+10  A: 

If I recall correctly, the only reason for it being that way is for some backward compatibility issues way back in something like version 1.0 where originally, you had to always pass that information around to maintain your application state.

When the technology moved on, they added the addtoken attribute but left the default so it wouldn't break a bunch of existing code. Now, it's sort of like our appendix and is not used for much. They could probably change the default at this point without much impact.

anopres
yeah, back in the 90's you couldn't count on the user having cookies enabled. today, it'd be rare to find a user with cookies disabled, and those users are probably used to apps being broken for them.
Kip
so why hasn't it changed? Coldfusion is on version 8 with 9 and 10 on the way. It just seems like in the last decade they would have made the switch. Anybody who is running code from Coldfusion 1.0 wouldn't be using the newer versions anyway.
Jason
+4  A: 

Allaire, Macromedia and now Adobe are all very keen on maintaining backwards compatibility of feature in the language, so this is probably why its still set this way.

I expect it wouldn't be considered of particularly high importance to "fix", as its not difficult to add the attribute to your tag and would also be counter to backwards compatibility.

If you feel very strongly about this, why not wish list it? http://www.adobe.com/go/wish/

Instead of using the wish list, which just sends a mass email, you should use the new public bug/feature request database: http://cfbugs.adobe.com/cfbugreport/flexbugui/cfbugtracker/main.html
Adam Tuttle
+1  A: 

you can always make your own custom tag or cfc that wraps cflocation and internally just passes the url to a cflocation with the addtoken set to false. it would be easy to then do a find a replace on <cflocation -> <cflocation_nosuck

I proposed a few years ago to Adobe to add a configuration setting for it. Im sure the request is still alive somewhere in their system but pestering them again would be great.

ryber
A: 

You should record your concern here: COLDFUSION BUG DATABASE http://bit.ly/AFhRy

also

You should bring it to the attention of these guys as well: CFML Advisory Committee http://bit.ly/1fXxX6

A: 

commenting further, in older versions of CF, you needed to pass the tokens in the URL to do session related "Stuff" ... as I recall.

Jay