cffunction, Improving security in Ajax programming rules and techniques in the Developing ColdFusion Applications
ColdFusion 8: Added this function.
Does not take any parameters
Use this function to help prevent security attacks where an unauthorized party attempts to perform an action on the server, such as changing a password. As a general rule, use this feature for Ajax requests to the server to perform sensitive actions, such as updating passwords.If you call this function, you must enable client management or session management in your application; otherwise, you do not get an error, but ColdFusion does not verify clients. Use this function only on pages that respond to client-side ColdFusion Ajax features, such as bind expressions. These features include code that correctly sends the security token when needed.