Jenny,

> I'm prepared to risk people starting new accounts from other
> pc's, not much I can do about that. We currently check for
> email/cfid:cftoken/login in case they already exist.

The CFID/token check is certainly not a good check to do. There is absolutely no guarantee that a CFID/token pair, once expired on the server, will not be served out to another user. Generally the CFID/token are stored on the client PC as cookies which are refreshed on every visit, hence you see them with the same information. But what happens if they don't have cookies turned on, or flush their cookies occasionally (like a lot of people are prone to doing)?

As previously mentioned, the best way of tracking if a user has previously visited from the same machine is by having some sort of identifier that's *guaranteed* to be unique (e.g. UUID) that's stored as a cookie, which can be checked on signup to see if it's already registered. Downsides to this: again, clearing cookies will get around this problem; unless combined with some other type of check (e.g. email address) then what happens if two people who use the same computer separately attempt to sign up?

If someone is determined to create multiple registrations (although why they'd be doing that is a question...) then there's very little you can do about it. Checking against email address is one often used option -- if you decide to ban a user you can ban by email. Of course, this can be got around by using a "throwaway" Hotmail account or such.

As for banning people, again if someone's determined to get back there's little you can do. I have some experience of dealing with such people and it's no fun! Various options are available, all of which have downsides: bans can be dished out using email, username, IP, some cookie based method etc -- none of these are foolproof!

Anyway, I've just realised that I've been writing doom and gloom throughout this mail, so I'll leave it there!

Tim.

--
Badpen Tech - CF and web-tech: http://tech.badpen.com/
RAWNET LTD - independent digital media agency
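
The UUID-cookie check described in the message above, combined with the email check, as an added example that is not part of the original post. It is written in Python rather than ColdFusion so that it runs stand-alone; the cookie name `device_id`, the `SignupRegistry` class, the three outcome strings and the in-memory store standing in for the accounts table are all assumptions.

```python
import uuid

DEVICE_COOKIE = "device_id"  # hypothetical cookie name, not from the post


def device_id_from(cookies):
    """Return the device id held in the cookie jar, or mint a fresh UUID.

    The cookie is client-controlled, so anything that is not a well-formed
    UUID is discarded and replaced instead of being stored.
    """
    try:
        return str(uuid.UUID(cookies.get(DEVICE_COOKIE, "")))
    except ValueError:
        return str(uuid.uuid4())


class SignupRegistry:
    """In-memory stand-in for the accounts table (constructed for this example)."""

    def __init__(self):
        self.emails = set()
        self.devices = {}  # device id -> emails registered from that browser

    def signup(self, email, cookies):
        """Return (outcome, device_id); the caller sets device_id as the cookie.

        'rejected' : email already registered (the hard check)
        'review'   : new email, but this browser has registered before; kept
                     soft because two people may share one computer
        'accepted' : new email and an unseen (or cleared) device cookie
        """
        email = email.strip().lower()
        device_id = device_id_from(cookies)
        if email in self.emails:
            return "rejected", device_id
        seen_before = bool(self.devices.get(device_id))
        self.emails.add(email)
        self.devices.setdefault(device_id, []).append(email)
        return ("review" if seen_before else "accepted"), device_id


if __name__ == "__main__":
    reg = SignupRegistry()
    _, dev = reg.signup("first@example.com", {})                   # constructed input
    print(reg.signup("second@example.com", {DEVICE_COOKIE: dev}))  # same browser
    print(reg.signup("third@example.com", {}))                     # cookies cleared
```

A cleared or forged cookie yields a fresh device id and an `accepted` outcome, which is the limitation the message points out: the cookie is a signal for review, not an enforcement boundary.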
