CLFraser wrote:
Some developer coded everything he did using jQuery Ajax instead of using the simple to use <cfajaxproxy> or even the cryptic ColdFusion.AjaxProxy.invoke method.
Some very wise developer. CF's Ajax tools suck. jQuery doesn't. You don't need to "rework" anything, you just need to add your own client verification to prevent XSRF attacks. Note that verifyClient does NOT replace having proper authenticated access via proper session management, it only ensures that the request is being made from the place you expect it to be made from.
jason
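
Added example, not part of the original posts: one way to do the "own client verification" described above for jQuery Ajax calls, with the authentication check kept separate from the XSRF check. The function names, the `X-CSRF-Token` header name, the session fields and the HMAC-derived token are assumptions made for this sketch, and the server side is modelled in JavaScript (Node) rather than ColdFusion so it can run stand-alone.

```javascript
// Added example: per-session anti-XSRF token for jQuery Ajax requests.
// All names here are hypothetical; sample sessions and secrets are constructed.
const crypto = require('crypto');

// Server side: derive the token from the session id with a server-only secret,
// so the token is tied to one session and nothing extra has to be stored.
function issueToken(serverSecret, sessionId) {
  return crypto.createHmac('sha256', serverSecret).update(sessionId).digest('hex');
}

// Compare tokens in constant time to avoid leaking how many characters matched.
function tokensMatch(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// HTTP header names are case-insensitive, so look the header up that way.
function getHeader(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key ? headers[key] : undefined;
}

// Server side: gate in front of every state-changing Ajax endpoint.
// Returns the HTTP status the endpoint should answer with.
function checkRequest(serverSecret, session, headers) {
  // 1. Authentication comes from session management, not from the token.
  if (!session || !session.userId) return 401;
  // 2. Client verification: the request must carry this session's token.
  const sent = getHeader(headers, 'X-CSRF-Token');
  if (!sent || !tokensMatch(sent, issueToken(serverSecret, session.id))) return 403;
  return 200;
}

// Client side: settings to merge into $.ajax(...) or pass to $.ajaxSetup(...).
// The page receives the token from the server when it is rendered.
function csrfAjaxSettings(token) {
  return { type: 'POST', headers: { 'X-CSRF-Token': token } };
}
```

In the page itself, `$.ajaxSetup(csrfAjaxSettings(token))` attaches the header to every jQuery request, and a form posted from another site has no way to read the token or set that header.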