First of all cookies would not be the way to go here, as others have mentioned it can be gotten around to start with by deleting the cookie. Banning the ip would only ban all from that ip if its behind a firewall or even on a DHCP server.
The solution although it still relies on cookies, and as you already have a login section anyway would be to add extra fields to your database, failed attempts and last login. Now when the failed attempt is 3 and they successfully log into the system then you check the date they last logged into the system if it was less than 30 mins then ban them, if it is more than 30 mins then you can reset this login date to the current time. Now I would also place a check into the code that if the successful login follows a failed attempt of 1 or 2 then I would reset this bag to zero. That would be a better solution, but still has its flaws. Regards Andrew Scott Technical Consultant NuSphere Pty Ltd Level 2/33 Bank Street South Melbourne, Victoria, 3205 Phone: 03 9686 0485 - Fax: 03 9699 7976 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sameer Kekade Sent: Monday, 17 January 2005 12:08 PM To: CFAussie Mailing List Subject: [cfaussie] Cookies anyone? Importance: High Hey all, Is there any way to make a cookie expire after 30 minutes? I want to prevent the user from logging into the website after x number of failed attempts for at least 30 mins on that machine. Does any body know how to achieve this?? Another approach could be logging and blocking by the IP ADDRESS of client machine, but I think this is a bit unreliable since an IP address could be shared for different machines. Warm Regards, Sameer S. Kekade. --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/ --- You are currently subscribed to cfaussie as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
