Isaac, it was no criticism at all of you or anyone else here, so please don't take it that way. The client is a consumer rights organization, and they attract the people who are worried about being tracked and followed. The organization is a leading activist in privacy issues.
98% of the users are no problem, because they don't have their personal firewalls set to super-paranoia level. It's no good me attempting to tell the client that the other 2% can be disregarded, the way we did with the Netscape1.0 and IE1.0 users so we can use CSS. It happens that half the board members of the client have their personal firewalls set to stun so they can't get access to parts of their own site! Tell a board member that he doesn't count why don'tcha! <g> I'm going to have a more in-depth look at how the .asp actually tracks and validates the users. Maybe the approach might be to reproduce what it does in CF rather than try to pick up the .asp's client vars. Incidentally the reason we have both CF and .asp on the site is I inherited a site built in .asp with a considerable investment already spent, and convinced the client that CF was the way to go for the future. They continued with the work already done and we began building new apps in CF. Small fixes and tinkering has been done in .asp but new stuff has been done in CF. The two biggest components of the .asp are the content management system and the shop. Thanks for all your help friends. I'm still eager to hear if anyone has any bright ideas how I can do this, if you think I've overlooked something. Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks -----Original Message----- From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] Sent: Thursday, 18 July 2002 1:23 PM To: CF-Talk Subject: RE: Using session vars created by .asp shop .. possible? > Has anyone actually done it - pick up session vars > created by an .asp application? I get the impression > that the answers I'm reading are not based on > experience but on theory. You're probably mostly right... I know that I haven't had to do this in the past and I don't expect to any time soon... Most sites are built on a single application server if any, so most developers never have to deal with this particular problem personally... But then your problem is compounded by that whole paranoia thing which is one of the unfortunate truths about the myths about the internet that makes our jobs ( all our jobs ) more difficult... The lack of an http_referrer or any other cookie or variable however innocuous could be a big problem for any developer, regardless of their server platform or how many types of servers they are using. And it all stems from that basic human fear of the unknown ( the internet ) and people being missinformed and thinking that somehow having an identifying mark on their computer that allows the server to maintain a session on a given website will somehow also allow the webmaster to follow their online activities and eventually get access to all their credit card numbers, their social security info ( I know you're in AU, it's a dif. system there ), medical history, shopping habbits and hidden-camera photos of them in the toilet. </RANT></SOAPBOX></PEEVE> The long and the short of it is that it's a tough problem for many of us. We may not be able to provide much more than theory, and in the end, none of our solutions may be particularly good at dealing with this problem. We do what we can tho. :) Isaac www.turnkey.to 954-776-0046 ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
