Thanks for the advice Viktor, i decided on Client.URLToken which uses cfid + cftoken
we just need to make sure the correct customer is passed back from our payment gateway - then directing them to the correct link to download an online presentation. Passwords and instructions will be sent by email anyway, i was just trying to add some redundancy for (flakey) cfmail ;) steve ----- Original Message ----- From: <[EMAIL PROTECTED]> To: "CFAussie Mailing List" <[EMAIL PROTECTED]> Sent: Thursday, March 13, 2003 9:36 AM Subject: [cfaussie] Re: IP address? | | This email is to be read subject to the disclaimer below. | | Hi Steve, | | The best (but still not bulletproof) method for identifying a session I can | think of is to have a session ID and some kind of unique identifier (token) | to stop people from guessing the session IDs of other people. This is the | method CF uses for session tracking as well. | | Alternately you could just use the unique identifier / token only, the | reason why the SessionID is a relatively small number is to make lookups | easier. The overall difficulty of guessing a session is the lenght (and | type ie integer or string) of SessionID plus the lenght (and type) of | token. | | What are you trying to do? | | Viktor Radnai | Web Developer, National E-Commerce, Ernst & Young | Direct: +61 2 9248 4361 | | | | | "Steve Soars" <[EMAIL PROTECTED]> | Sent by: To: "CFAussie Mailing List" <[EMAIL PROTECTED]> | [EMAIL PROTECTED] cc: | mon.com.au Subject: [cfaussie] Re: IP address? | | 13/03/2003 09:46 AM | Please respond to "CFAussie | Mailing List" | | | | | | thanks guys - onto the next plan....... | | steve | ----- Original Message ----- | From: "Ben Bishop" <[EMAIL PROTECTED]> | Newsgroups: cfaussie | To: "CFAussie Mailing List" <[EMAIL PROTECTED]> | Sent: Wednesday, March 12, 2003 10:37 PM | Subject: [cfaussie] Re: IP address? | | | | >> Is it possible to have the ip addresses change without an internet | | reconnection? | | | | > Probably not, but even if it happens, it's not as bad as the previous | | situation. Worst case, the user thinks he's lost a session (redirected to | | login page maybe). | | | | Depending on the user's ISP proxy architecture, a user's session might be | | sent through several different proxy servers resulting in a different IP | per | | request. I think AOL are an example. | | | | You might check your logs to see if there are any obvious cases with | | exisiting users. | | | | regards, | | | | Ben | | | | | | | | --- | | You are currently subscribed to cfaussie as: [EMAIL PROTECTED] | | To unsubscribe send a blank email to | [EMAIL PROTECTED] | | | | MX Downunder AsiaPac DevCon - http://mxdu.com/ | | | | | | --- | You are currently subscribed to cfaussie as: | [EMAIL PROTECTED] | To unsubscribe send a blank email to | [EMAIL PROTECTED] | | MX Downunder AsiaPac DevCon - http://mxdu.com/ | | | | | -------------------- | NOTICE - This communication contains information which is confidential and | the copyright of Ernst & Young or a third party. | | If you are not the intended recipient of this communication please delete | and destroy all copies and telephone Ernst & Young on 1800 655 717 | immediately. If you are the intended recipient of this communication you | should not copy, disclose or distribute this communication without the | authority of Ernst & Young. | | Any views expressed in this Communication are those of the individual | sender, except where the sender specifically states them to be the views of | Ernst & Young. | | Except as required at law, Ernst & Young does not represent, warrant and/or | guarantee that the integrity of this communication has been maintained nor | that the communication is free of errors, virus, interception or | interference. | | Liability limited by the Accountants Scheme, approved under the | Professional Standards Act 1994 (NSW) | -------------------- | | | | | --- | You are currently subscribed to cfaussie as: [EMAIL PROTECTED] | To unsubscribe send a blank email to [EMAIL PROTECTED] | | MX Downunder AsiaPac DevCon - http://mxdu.com/ | --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/
