You can set the session timeout to about 45 minutes and it should work.. if they try to submit the page using the same session the next day, it will time out.
At 08:48 AM 2/16/2013, Rick Faircloth wrote: >What would be an appropriate length of time for a session variable >for a hacker who's doing what you described: > >"If they read in the form page and then submit it using a script for >many days without re-reading the original form it will appear to the >server that they took days to fill." > >Would the same hold true for session session variables? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354555 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
