I would suggest: Do a search on the url id and verify the current user is allowed to access it, if they are then set a session variable like 'session.lastticket', if they are not allowed, then do a search for the 'session.lastticket' if it exists. Last resort cflocation them to the home page.
This won't stop them from changing the url variable, but it will stop them from viewing unauthorized info. William ---------------------------------- William Seiter ColdFusion Web Developer / Consultant http://william.seiter.com Have you ever read a book that changed your life? Go to: http://www.winninginthemargins.com Use PassKey: GoldenGrove You'll be glad you did. ::-----Original Message----- ::From: Bruce Sorge [mailto:[EMAIL PROTECTED] ::Sent: Tuesday, May 06, 2008 3:21 PM ::To: CF-Talk ::Subject: Preventing user from changing ID number in URL :: ::Howdy all, ::My help desk site I am building uses a URL variable for the ticket ID ::when the admin or user is viewing details, and I seem to recall reading ::somewhere that you can write your code so that if the user decides to ::change the ID number in the URL, it will default to the one they ::originally opened, thus keeping the user from viewing other tickets ::unless they go back and click on another one to open. Does anyone recall ::where this example is? I did a quick search but could not find it. :: ::Thanks, :: ::Bruce :: :: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304833 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
