thanks
-reed
>Reed,
> I've done a similar thing having users to site B login which
>authenticates the users by accessing a web-service on site A. You could also
>have the web-service return if the user's IP is in your allowed set of IPs.
>
>Greg
>
>-----Original Message-----
>From: Reed Powell [mailto:[EMAIL PROTECTED]
>Sent: Sunday, June 27, 2004 12:32 PM
>To: CF-Talk
>Subject: Control over HTTP_REFERER?
>
>I've waited to the last minute on something that I thought was going to be
>simple.
>
>
>
>I'm working with a local genealogy society to allow their members to access
>a research facility that the society subscribes to. The rules of the game
>are that the society has to authenticate the users and limit the access to
>just their members - they cannot open it up to the world. The research
>facility uses the http_referer variable to determine if the request is
>coming from the society's website.
>
>
>
>Well, as far as I can tell, any means I use of sending the logged-in and
>properly authenticated user to the research facility's site (HREF,
>CFLOCATION, response.redirect) is going to have an http_referer value of the
>user, not the website. Since the users can come from anywhere (home, work,
>library, Aunt Matilda's, etc etc), there's no way I can see to send a list
>of all possible user IPs to the research facility.
>
>
>
>Any ideas on how to get out of this pickle? I don't think that CFHTTP is an
>answer, since there is going to be a lot of cookie, _javascript_ and image
>traffic between the user and the research site. I'm supposed to have this
>up and running on 1-July!
>
>
>
>Thanks
>
>-reed
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
