Well, like I said, you could run a referer test to see if the individual is coming in 
from the outside world, or whether this is an internal link.

<CFPARAM NAME="ReferTest" DEFAULT=0 TYPE="numeric">
<!--- CompareNoCase() returns 0 when the two strings match, so NOT CompareNoCase() reads as "equal" --->
<CFIF NOT CompareNoCase(left(CGI.HTTP_Referer,19),"http://mydomain.com")>
        <CFSET variables.ReferTest = 1>
</CFIF>
<CFIF NOT CompareNoCase(left(CGI.HTTP_Referer,23),"http://www.mydomain.com")>
        <CFSET variables.ReferTest = 1>
</CFIF>
<CFIF NOT CompareNoCase(left(CGI.HTTP_Referer,24),"https://www.mydomain.com")>
        <CFSET variables.ReferTest = 1>
</CFIF>
<!--- Note: a fixed-length prefix match also accepts any host that merely begins with
      mydomain.com; compare the full host part of the referer if that matters to you --->
<CFIF NOT Compare(variables.ReferTest,"0") OR NOT Compare(cgi.http_referer,"")>
        <!--- uh. oh.  Reset the session ID --->
</CFIF>

Personally I handle this differently in that I use CF_SessionMonger, which is 
definitely not for everyone but works great for me.

---------------------------------------
Matt Robertson    [EMAIL PROTECTED]
MSB Designs, Inc., www.mysecretbase.com
---------------------------------------
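The same "is this link internal or external?" decision, written as an added example that is not Matt's code and not part of the original thread. It parses the Referer value instead of comparing a fixed number of leading characters, so a host that only starts with `mydomain.com` (or a userinfo trick such as `http://mydomain.com@other.example/`) is not taken for an internal link, and it generalises the post's three scheme/host combinations to any http(s) URL whose host is in a small allow-list. The host names are constructed placeholders matching the post; the two-outcome decision (blank or foreign referer means "issue a new token") is the one the post describes.

```python
from urllib.parse import urlsplit

# Constructed allow-list of our own host names (assumption: these are the
# hosts that issued the session; mirrors the names used in the post).
INTERNAL_HOSTS = {"mydomain.com", "www.mydomain.com"}


def referer_is_internal(referer, internal_hosts=INTERNAL_HOSTS):
    """True only when the Referer names one of our own hosts over http or https.

    The header is parsed rather than prefix-matched, so
    'http://mydomain.com.example.net/' and 'http://mydomain.com@example.net/'
    are both rejected: their real host is not in the allow-list.
    """
    if not referer:
        return False
    try:
        parts = urlsplit(referer.strip())
    except ValueError:  # malformed URL (e.g. broken IPv6 literal)
        return False
    if parts.scheme.lower() not in ("http", "https"):
        return False
    host = parts.hostname  # lower-cased, with any port and userinfo removed
    return host is not None and host in internal_hosts


def needs_new_session(referer):
    """The decision from the thread: blank referer or another site -> reset the ID."""
    return not referer_is_internal(referer)


def naive_prefix_test(referer):
    """The 19/23/24-character prefix test from the post, kept for comparison only."""
    prefixes = (
        "http://mydomain.com",
        "http://www.mydomain.com",
        "https://www.mydomain.com",
    )
    return any(referer.lower().startswith(p) for p in prefixes)


if __name__ == "__main__":
    # Constructed sample Referer values, including the prefix-match pitfall.
    samples = [
        "http://www.mydomain.com/page.cfm?CFID=1&CFTOKEN=2",
        "",
        "http://othersite.example/links.html",
        "http://mydomain.com.example.net/",
    ]
    for ref in samples:
        print(f"{ref!r:55} prefix={naive_prefix_test(ref)!s:5} "
              f"parsed={referer_is_internal(ref)!s:5} reset={needs_new_session(ref)}")
```

The last sample is the one worth noting: the prefix test says "internal", the parsed check says "external", and only the parsed check triggers a new token for it.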


---------- Original Message ----------------------------------
from: James Sleeman <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
date: Thu, 01 Nov 2001 13:23:03 +1300

At 05:47 PM 10/31/2001, you wrote:
>  You're
>also going to have to make sure that, since you are exposing the urltoken,
>that you take steps to see to it that users sharing links don't also share
>sessions.  Maybe run a referrer test or something, and issue a new urltoken
>if the referrer is blank or from another site.

I asked a question about this very subject on the list a while back 
("Clearing/reseting CFID/CFTOKEN"), and didn't really get any answer as to 
how to go about this.  You have a way ?
----------
James Sleeman
Innovative Media Ltd
Phone: (03) 377 6262
http://www.websolutions.co.nz/

CAUTION: The information contained in this email message is confidential 
and may be legally privileged. If the reader of this message is not the 
intended recipient you are notified that any use, dissemination, 
distribution or reproduction of this message is prohibited. If you have 
received this message in error please notify the sender immediately and 
destroy the original message and any attachments.

Views expressed in this communication may not be those of Innovative Media 
Ltd.

