Thanks for the advice Viktor,

i decided on Client.URLToken which uses cfid + cftoken

we just need to make sure the correct customer is passed back from our
payment gateway - then directing them to the correct link to download an
online presentation. Passwords and instructions will be sent by email
anyway, i was just trying to add some redundancy for (flakey) cfmail ;)

steve


----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "CFAussie Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, March 13, 2003 9:36 AM
Subject: [cfaussie] Re: IP address?


|
| This email is to be read subject to the disclaimer below.
|
| Hi Steve,
|
| The best (but still not bulletproof) method for identifying a session I
can
| think of is to have a session ID and some kind of unique identifier
(token)
| to stop people from guessing the session IDs of other people. This is the
| method CF uses for session tracking as well.
|
| Alternately you could just use the unique identifier / token only, the
| reason why the SessionID is a relatively small number is to make lookups
| easier. The overall difficulty of guessing a session is the lenght (and
| type ie integer or string) of SessionID plus the lenght (and type) of
| token.
|
| What are you trying to do?
|
| Viktor Radnai
| Web Developer, National E-Commerce, Ernst & Young
| Direct:  +61 2 9248 4361
|
|
|
|
|                     "Steve Soars" <[EMAIL PROTECTED]>
|                     Sent by:                              To:
"CFAussie Mailing List" <[EMAIL PROTECTED]>
|                     [EMAIL PROTECTED]        cc:
|                     mon.com.au                            Subject:
[cfaussie] Re: IP address?
|
|                     13/03/2003 09:46 AM
|                     Please respond to "CFAussie
|                     Mailing List"
|
|
|
|
|
| thanks guys - onto the next plan.......
|
| steve
| ----- Original Message -----
| From: "Ben Bishop" <[EMAIL PROTECTED]>
| Newsgroups: cfaussie
| To: "CFAussie Mailing List" <[EMAIL PROTECTED]>
| Sent: Wednesday, March 12, 2003 10:37 PM
| Subject: [cfaussie] Re: IP address?
|
|
| | >> Is it possible to have the ip addresses change without an internet
| | reconnection?
| |
| | > Probably not, but even if it happens, it's not as bad as the previous
| | situation. Worst case, the user thinks he's lost a session (redirected
to
| | login page maybe).
| |
| | Depending on the user's ISP proxy architecture, a user's session might
be
| | sent through several different proxy servers resulting in a different IP
| per
| | request. I think AOL are an example.
| |
| | You might check your logs to see if there are any obvious cases with
| | exisiting users.
| |
| | regards,
| |
| | Ben
| |
| |
| |
| | ---
| | You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
| | To unsubscribe send a blank email to
| [EMAIL PROTECTED]
| |
| | MX Downunder AsiaPac DevCon - http://mxdu.com/
| |
|
|
|
| ---
| You are currently subscribed to cfaussie as:
| [EMAIL PROTECTED]
| To unsubscribe send a blank email to
| [EMAIL PROTECTED]
|
| MX Downunder AsiaPac DevCon - http://mxdu.com/
|
|
|
|
| --------------------
| NOTICE - This communication contains information which is confidential and
| the copyright of Ernst & Young or a third party.
|
| If you are not the intended recipient of this communication please delete
| and destroy all copies and telephone Ernst & Young on 1800 655 717
| immediately. If you are the intended recipient of this communication you
| should not copy, disclose  or distribute this communication without the
| authority of Ernst & Young.
|
| Any views expressed in this Communication are those of the individual
| sender, except where the sender specifically states them to be the views
of
| Ernst & Young.
|
| Except as required at law, Ernst & Young does not represent, warrant
and/or
| guarantee that the integrity of this communication has been maintained nor
| that the communication is free of errors, virus, interception or
| interference.
|
| Liability limited by the Accountants Scheme, approved under the
| Professional Standards Act 1994 (NSW)
| --------------------
|
|
|
|
| ---
| You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
| To unsubscribe send a blank email to
[EMAIL PROTECTED]
|
| MX Downunder AsiaPac DevCon - http://mxdu.com/
|



---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]

MX Downunder AsiaPac DevCon - http://mxdu.com/

Reply via email to