What do you mean, maintained on the client?

-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 7:44 AM
To: CF-Talk
Subject: RE: Login/Password screen


Quoting Craig Dudley <[EMAIL PROTECTED]>:
>
> Create a session variable, set it to 0, and after every failed
> login attempt increment it by 1. If it reaches 3, don't show the login
> screen but a locked out screen instead. After their session times out,
> they will be able to try again, however.

Sessions, although stored on the server, are maintained on the client.
Ergo, insecure. Use an IP address.

Jochem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com
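The two lockout designs discussed in the thread, as an added example that is not code from either poster and is written in Python rather than CFML. It contrasts Craig's session-held counter with a counter keyed on data the client cannot simply discard (the IP address Jochem suggests, plus the account name as an extra key, which is this example's assumption, not the thread's). The 20-minute lock duration, the session-id generation and the credential check are all constructed for the demonstration.

```python
"""Failed-login lockout: session-held counter vs. server-keyed counter.

Added example; assumptions (not from the thread): MAX_ATTEMPTS / LOCKOUT_SECONDS
values, the per-account key alongside the per-IP key, and the constructed
credential check used in demo().
"""
import secrets
import time
from collections import defaultdict

MAX_ATTEMPTS = 3            # lock after the third failure, as in the thread
LOCKOUT_SECONDS = 20 * 60   # assumed lock length (stands in for "session times out")


class SessionStore:
    """Server-side session storage, selected by a client-presented session id."""

    def __init__(self):
        self._sessions = {}

    def get(self, session_id):
        # A request with no (or an unknown) session id gets a fresh, empty session.
        if session_id not in self._sessions:
            session_id = secrets.token_hex(8)
            self._sessions[session_id] = {"failed": 0}
        return session_id, self._sessions[session_id]


def session_keyed_login(store, session_id, username, password, check):
    """Craig's scheme: the failure counter lives in the session."""
    session_id, sess = store.get(session_id)
    if sess["failed"] >= MAX_ATTEMPTS:
        return session_id, "locked"
    if check(username, password):
        sess["failed"] = 0
        return session_id, "ok"
    sess["failed"] += 1
    return session_id, "failed"


class FailureTracker:
    """Counter keyed on server-observed data (source IP, account) with a timed lock."""

    def __init__(self, now=time.time):
        self._now = now
        self._state = defaultdict(lambda: {"failed": 0, "locked_until": 0.0})

    def _entry(self, key):
        entry = self._state[key]
        if entry["locked_until"] and entry["locked_until"] <= self._now():
            entry["failed"], entry["locked_until"] = 0, 0.0  # lock expired: start over
        return entry

    def is_locked(self, key):
        return self._entry(key)["locked_until"] > self._now()

    def record_failure(self, key):
        entry = self._entry(key)
        entry["failed"] += 1
        if entry["failed"] >= MAX_ATTEMPTS:
            entry["locked_until"] = self._now() + LOCKOUT_SECONDS

    def record_success(self, key):
        self._state.pop(key, None)


def server_keyed_login(tracker, ip, username, password, check):
    """Lockout keyed on the source IP (Jochem's suggestion) and on the account (assumed)."""
    keys = [("ip", ip), ("user", username)]
    if any(tracker.is_locked(k) for k in keys):
        return "locked"          # a correct password is rejected too while locked
    if check(username, password):
        tracker.record_success(("user", username))  # the IP counter only decays with time
        return "ok"
    for k in keys:
        tracker.record_failure(k)
    return "failed"


def demo():
    """Run both schemes against a constructed credential check and return the outcomes."""
    check = lambda u, p: (u, p) == ("alice", "correct horse")  # constructed
    results = {}

    store, sid, outcomes = SessionStore(), None, []
    for _ in range(MAX_ATTEMPTS + 1):
        sid, r = session_keyed_login(store, sid, "alice", "wrong", check)
        outcomes.append(r)
    results["session_attempts"] = outcomes                       # third failure locks the session
    _, results["session_no_cookie"] = session_keyed_login(store, None, "alice", "wrong", check)
    # A request that carries no session cookie starts with a clean counter: "failed", not "locked".

    clock = [1_000_000.0]                                        # controllable clock for the demo
    tracker = FailureTracker(now=lambda: clock[0])
    for _ in range(MAX_ATTEMPTS):
        server_keyed_login(tracker, "203.0.113.7", "alice", "wrong", check)
    results["ip_locked"] = server_keyed_login(tracker, "203.0.113.7", "alice", "wrong", check)
    results["ip_correct_while_locked"] = server_keyed_login(tracker, "203.0.113.7", "alice", "correct horse", check)
    clock[0] += LOCKOUT_SECONDS + 1
    results["ip_after_expiry"] = server_keyed_login(tracker, "203.0.113.7", "alice", "correct horse", check)
    return results


if __name__ == "__main__":
    print(demo())
```

The session-held counter does protect the one session it lives in, but a client that does not present the cookie is simply issued a new session with the counter at zero, which is the point Jochem is making. Keying the counter on the source address and the account keeps it under the server's control; the account key is included because a single address may be shared by many users behind NAT or a proxy, so a per-IP lock alone can be either too coarse or too easily avoided.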