I'm trying to think of a way not to allow people to inadvertedly share a session by sending each other a url with their cfid and cftoken in it. Of course we can just make sure that those are not passed as url parameters, but I'm thinking if there's a way to check if this is a session initiated by someone else. Do you guys have any ideas?
Thanks ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
