----- Original Message ----- From: "Barry Beattie" <[EMAIL PROTECTED]> To: "CFAussie Mailing List" <[EMAIL PROTECTED]> Sent: Monday, June 28, 2004 3:25 PM Subject: [cfaussie] RE: End Session
>> (assuming the user had left the site or closed the browser): check CGI.HTTP_REFERER >but you don't have to (muck around with http_referer - which in not 100% >reliable and can be a PITA to put in place) You are correct, you don't have to. But it works, as I used it effectively about 4 years ago when I needed to. If you are tracking a user's session in a an application sub-directory and do not wish to clear the session but just log someone out of an application, the work-around you mentioned fails - the cookie exists still. And we had to handle that scenario also. Ok, so it's not strictly answering a "how do i end a session" question, but the spirit "how do i stop someone using someone else's login/session" still stands. IIS/IE has never failed to provide the REFERER information so far in my experience. > IMHO, the link I gave to a work-around is an OK way to do it I think the way I have suggested is also an OK way to do it. I also think that the more ideas presented to the list, and the more varied the solutions presented, the better. Aaron --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
