Dov...

Point #1: How does setting a client var work when the page is not
"refreshed"? The user is only hitting the back button. :)
Point #2: Will the HTTP_REFERRER always be there? Don't some proxy
servers/firewalls strip these values? I was thinking of using an IP address
check. Would that make more sense?

~Che.

-----Original Message-----
From: Katz, Dov B (IT) [mailto:[EMAIL PROTECTED]
Sent: Monday, March 13, 2006 2:04 PM
To: CF-Talk
Subject: RE: Re-Send: Preventing "Cou-pon" Generation Fraud.


1) You can set a session variable or client variable to say
"ALREADY_SUBMITTED" and disable form, or block submission if that cookie
is sent

2) You can check for HTTP_REFERRER to make sure the form was submitted
from a page on your site...

Obviously someone can write a custom http client to get around both of
these, but would someone go through all the trouble to get discounts for
your site?

dov
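
An added example, not part of either message: a framework-free Python model of the two server-side checks discussed in this thread. It shows that the session flag is evaluated when the form is re-posted after the back button, and that a missing Referer header is treated as unknown rather than as hostile. The host name `shop.example`, the function names, the status codes and the coupon format are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlsplit

SITE_HOST = "shop.example"   # assumption: placeholder host name
SESSIONS = {}                # session id (cookie value) -> server-side session data

def referer_verdict(headers):
    """Classify the Referer header as 'same-site', 'foreign' or 'absent'."""
    referer = headers.get("Referer", "").strip()   # header name as sent on the wire
    if not referer:
        return "absent"      # stripped by a proxy, firewall or privacy setting
    return "same-site" if urlsplit(referer).hostname == SITE_HOST else "foreign"

def handle_coupon_post(cookie_sid, headers):
    """Return (status, body, session id) for one coupon form submission."""
    sid = cookie_sid if cookie_sid in SESSIONS else secrets.token_hex(16)
    session = SESSIONS.setdefault(sid, {})
    if referer_verdict(headers) == "foreign":
        return 403, "form was not submitted from this site", sid
    # An absent Referer is let through: the session flag below is the gate.
    if session.get("ALREADY_SUBMITTED"):
        # The back button only re-displays the cached form. The re-POST still
        # carries the session cookie, so the server sees the flag it set earlier.
        return 409, "coupon already issued: " + session["coupon"], sid
    session["coupon"] = "CPN-" + secrets.token_hex(4).upper()
    session["ALREADY_SUBMITTED"] = True
    return 200, session["coupon"], sid

def demo():
    """Constructed requests: first submit, back-button resubmit, foreign Referer."""
    same_site = {"Referer": "https://shop.example/coupon-form"}
    first = handle_coupon_post(None, same_site)
    resubmit = handle_coupon_post(first[2], {})   # same cookie, Referer stripped
    foreign = handle_coupon_post(None, {"Referer": "https://other.example/x"})
    return first[0], resubmit[0], foreign[0]

if __name__ == "__main__":
    print(demo())
```

The flag is scoped to one session, so it only limits clients that keep sending the same session cookie.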

