Great suggestion. Thanks, Mark
-----Original Message-----
From: Jesse Houwing [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 03, 2003 8:57 AM
To: CF-Talk
Subject: Re: Using Session Vars without Cookies

Mark Leder wrote:

>Hi all,
>I want to prevent session swapping in an app.
>When creating a new session structure, is it a good idea to name a
>key/value pair as a SESSION.URLToken, and then when passing the
>URLtoken between pages (as appended to the URL), do a check to match
>the physical URLtoken = SESSION.URLtoken? Or is this taken care of in
>the background?

The best way I found was to store the current IP/Useragent in the session variables and check them with every request. If they didn't match the current user's IP/UA, just throw them out.

Jesse
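The check suggested in the thread, sketched as an Application.cfm fragment. This is an added example, not code posted by anyone in the thread; the application name, the `SESSION.boundIP`, `SESSION.boundUA` and `SESSION.userID` keys, and `login.cfm` are hypothetical names chosen for illustration.

```cfml
<!--- Application.cfm: ColdFusion runs this before every page request --->
<cfapplication name="demoApp" sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 20, 0)#">

<!--- Values the current request presents --->
<cfset currentIP = CGI.REMOTE_ADDR>
<cfset currentUA = CGI.HTTP_USER_AGENT>
<cfset bindingOK = true>

<cflock scope="session" type="exclusive" timeout="10">
    <cfif NOT StructKeyExists(SESSION, "boundIP")>
        <!--- First request in this session: record who it belongs to --->
        <cfset SESSION.boundIP = currentIP>
        <cfset SESSION.boundUA = currentUA>
    <cfelseif SESSION.boundIP NEQ currentIP
           OR Compare(SESSION.boundUA, currentUA) NEQ 0>
        <!--- CFID/CFTOKEN arrived from a different client than the one
              the session was bound to: drop the login state and the
              binding so the next login re-binds (userID is hypothetical) --->
        <cfset bindingOK = false>
        <cfset StructDelete(SESSION, "userID")>
        <cfset StructDelete(SESSION, "boundIP")>
        <cfset StructDelete(SESSION, "boundUA")>
    </cfif>
</cflock>

<cfif NOT bindingOK>
    <!--- addtoken="no" keeps CFID/CFTOKEN out of the redirect URL --->
    <cflocation url="login.cfm" addtoken="no">
</cfif>
```

Users whose requests leave through a rotating proxy pool will change IP mid-session and be logged out by this check, and the User-Agent header is supplied by the client, so the binding raises the bar for reusing a leaked URL token rather than authenticating the client.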

