We need to allow our users to have access to one or more company's data at a given time. This is done through our application interface, but in essance would require a separate instance of the application for each company. I'm looking for ideas how to do this.
The problem is this: We put company specific information into client variables. Opening a second company would overwrite the first's client vars. Previous contractors began looking at this issue, but did not complete it. They were passing a generated token on each call to new windows. However, from an implentation standpoint, the end user may change the URL parameter for the token (hacking), and the token was generated by simple math that may or may not have been sufficient to come up with a unique ID. One of our developers here has suggested using a database table in some way. Before we go down that road, I'm hoping to get some feedback on how others have handled this. Are these the only two feasible options? Placing a token of somesort in the URL parameters or Taking a database hit on each new page/window? I guess we can get into dynamic naming of cookies, but I think managing that would be a large issue. Thanks in advance for any ideas. Shawn Grover ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
