Just a thought, but....
you could have the sending site create a unique url string variable (encrypted of course) when the user clicks on the link that goes to your page: 1. The code would look for the encrypted url string in lieu of the login credentials. 2. If it exists, then your server can send a server ping to the linking site to verify that the site created that string (and within the allotted timeframe) 3. If the return is successful, then allow the user to see the page. 4. If not, then treat them like any other user trying to access a secure page. The downfall to this is that the sending site has a tremendous control over the security on your site. An alternative would be to 1. have the encrypted string just contain a special username/passkey for each of the linking sites, combined with the time/date that the link was created on the sender's site (assuming they create it dynamically). 2. Verify the user/passkey is valid (log the activity for 'tracking' purposes, and if the time/date is within your allowed 'expiration' 3. then allow or disallow the connection. ---------- William E. Seiter Web Developer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:296219 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
