Channel: Adobe Community: Message List - ColdFusion

VerifyClient in CFC function for Ajax calls - Myth or Top Secret?


In the cffunction tag in a CFC function that returns data to an Ajax client, specify a verifyClient attribute with a value of yes.

The VerifyClient function and attribute tell ColdFusion to require an encrypted security token in each request. To use this function, enable client management or session management in your application; otherwise, you do not get an error, but ColdFusion does not verify clients.

Enable client verification only for code that responds to ColdFusion Ajax client code, because only the ColdFusion Ajax library contains the client-side support code. Enabling client verification for clients other than ColdFusion Ajax applications can result in the client application not running.


Before you ask, session and client management is on, cfadmin is set up properly, I am logged in, I display my sessionid and urltoken at the bottom of pages on the development server, all is good, except this of course.

AJAX call:

$.ajax({
   url: 'somecrap.cfc?method=validateForm&' + Math.random() ,
   data: someparameters,
   type: 'POST',
   dataType: 'json',
   async: false,
   cache: false
})

CFC function header:

<cffunction name="validateForm" access="remote" verifyclient="true" returntype="Array" output="false" returnformat="json">

 

Result:

You must have a valid login to access this page.

Client verification failure.


I hope someone can assist, otherwise I will have to rewrite all our applications to not use these types of Ajax calls any longer, as they are easily exploited by even the 'novice' hacker nowadays.
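
Added illustration, not part of the original post and not ColdFusion's own code: a simplified server-side model of the behaviour the quoted documentation describes (a token required in each request, and the check silently skipped when session management is off). The HMAC-SHA256 token, the `token` parameter and the names `issueToken` and `verifyClient` are assumptions made for the example.

```javascript
// Added illustration: simplified model of per-request client verification.
// HMAC-SHA256 over the session id is an assumed stand-in for the server's
// "encrypted security token"; it is not ColdFusion's real token format.
const crypto = require('crypto');

const SERVER_KEY = crypto.randomBytes(32); // per-application secret (constructed)

// Token the server would embed in pages it renders for a given session.
function issueToken(sessionId) {
  return crypto.createHmac('sha256', SERVER_KEY).update(sessionId).digest('hex');
}

// Check run before a remote function that is marked for verification.
function verifyClient(request, app) {
  // Without session/client management there is nothing to bind the token to,
  // so the check is skipped and no error is raised.
  if (!app.sessionManagement) return { allowed: true, verified: false };
  const supplied = Buffer.from(String(request.params.token || ''), 'hex');
  const expected = Buffer.from(issueToken(request.sessionId), 'hex');
  const ok = supplied.length === expected.length &&
             crypto.timingSafeEqual(supplied, expected);
  return ok
    ? { allowed: true, verified: true }
    : { allowed: false, verified: false, error: 'Client verification failure.' };
}

// Constructed sample requests for one logged-in session.
const sessionId = 'SESSION-A-constructed';
const app = { sessionManagement: true };
// 1. Hand-written Ajax call: the session is valid, but no token is sent.
const handWritten = { sessionId, params: { method: 'validateForm' } };
// 2. Call carrying the token issued for this session.
const withToken = { sessionId,
  params: { method: 'validateForm', token: issueToken(sessionId) } };
// 3. Token issued for a different session.
const otherSession = { sessionId,
  params: { method: 'validateForm', token: issueToken('SESSION-B-constructed') } };

function demo() {
  return {
    handWritten: verifyClient(handWritten, app),
    withToken: verifyClient(withToken, app),
    otherSession: verifyClient(otherSession, app),
    noSessions: verifyClient(handWritten, { sessionManagement: false }),
  };
}

console.log(demo());
```

In this model a valid login alone is not sufficient: the request is refused unless it also carries the token bound to that session.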

