His issue about the new token each time is mainly prompted by the issue of corporate users sharing the same IP. This is an app where there may be many users in a building accessing the site, and each will have his/her own permissions set. So he doesn't want one person having higher access than they deserve by accident. They could grant their management unit product they haven't been approved for.
So it kind of makes sense. This is a product where the unit values are very high and a large organisation will buy lots of licenses, and one senior person in the organisation will allow the various operational units to have specified numbers of licenses and they'll be logging in to manage the licenses they have a right to. So he's not being silly about it, I can see where his mind is on it. Not quite sure how it's all going to work, that's the problem.

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month

On 2/16/07, Dinner <[EMAIL PROTECTED]> wrote:
> On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote:
> > On 2/15/07, Dinner <[EMAIL PROTECTED]> wrote:
> > > Lot of work for not much difference. Might as well set the session
> > > timeout really really low or something, right?
> >
> > If I were trying to find sanity in the desired approach, I'd first
> > have to accept the fact that you *cannot* have cookies. In an
> > environment where site customers are all corporate, and an entire
> > building's worth of buyers could all be sharing the same cookie thanks
> > to some fascist security scheme, the use of cookies can be
> > catastrophic. Been there. So I understand the requirement although I
> > pity the poor guy who has to comply with it.
>
> So we've got to keep it going from request to request, via form or url
> params-- doable, but needs strict "form" to accomplish well (and length
> may be an issue-- thus, the custom token).
>
> Or a smart "render-er", I guess. Pipe normal code thru, out comes
> tokened code? Hrm... pretty damn hard to make [well =].
>
> > Given that, a short session timeout would not solve the problem. If I
> > was stuck passing url tokens of some kind, a continuously morphing one
> > sounds like a step up from a static one; at least on the surface.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269974
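The continuously morphing URL token discussed in this thread, sketched as an added example that is not code from any of the posters or from the application they describe. The class name, method names, the 900-second idle timeout and the choice to kill a session when a spent token is presented again are all assumptions made for illustration.

```python
import secrets
import time


class RotatingTokenSessions:
    """Cookieless sessions keyed by a single-use token that changes on every request."""

    def __init__(self, idle_timeout=900):      # timeout value is an assumption
        self.idle_timeout = idle_timeout
        self._live = {}      # token valid for the next request -> session id
        self._spent = {}     # token already consumed -> session id
        self._sessions = {}  # session id -> user, permissions, last_seen

    def login(self, user, perms, now=None):
        sid = secrets.token_hex(16)
        seen = now if now is not None else time.time()
        self._sessions[sid] = {"user": user, "perms": frozenset(perms), "last_seen": seen}
        return self._issue(sid)

    def _issue(self, sid):
        token = secrets.token_urlsafe(32)      # unguessable, never derived from the IP
        self._live[token] = sid
        return token

    def _kill(self, sid):
        self._sessions.pop(sid, None)
        for table in (self._live, self._spent):
            for tok in [t for t, s in table.items() if s == sid]:
                del table[tok]

    def request(self, token, now=None):
        """Return (session, next_token), or (None, None) when the token is rejected."""
        now = now if now is not None else time.time()
        if token in self._spent:
            # A consumed token came back (copied URL, proxy cache, replay):
            # two parties may hold the same link, so end the session.
            self._kill(self._spent[token])
            return None, None
        sid = self._live.pop(token, None)
        if sid is None:
            return None, None                  # unknown or forged token
        session = self._sessions[sid]
        if now - session["last_seen"] > self.idle_timeout:
            self._kill(sid)
            return None, None
        session["last_seen"] = now
        self._spent[token] = sid
        return session, self._issue(sid)       # embed next_token in every link and form
```

Because identity comes only from the token, two users behind the same corporate IP never resolve to each other's permissions. The cost is that the browser back button or a double-clicked link also presents a spent token and, under the assumption above, ends the session.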

