I believe we have found a solution.
Since our webserver authenticates, we can get
the actual User's LogonId (i.e., of User B in
the example below) as follows:
CSpValue UserName = CSpider.getWebEnvVar (CSpVars.REMOTE_USER);
Now we can compare between the actual user and the user associated with the Spider
Session. If they differ, we have detected a
Session that does not belong to this user. In effect, we detected an URL that was
mailed from some other user.
Thanks for your response, if you sent any.
"Vivek Anumolu" <[EMAIL PROTECTED]> wrote:
>
>Please consider the following situation which we are currently facing:
>
>1. User A shares his page with User B by mailing the link.
>
>2. User B authenticates himself with the webserver.
>
>3. User B clicks on the link before the session times out. He is now able to look at
>the information of User A rather than his own information because the Session
>information is part of the URL.
>
>Is there a way to force the ND (version 4.10) Application Server to give the
>application the user profile of User B rather than that of User A?
>
>thanks.
>[EMAIL PROTECTED]
_________________________________________________________________________
To unsubscribe from this mailing list please send an email to:
[EMAIL PROTECTED]
Please remember to use the same email address you subscribed with.
For help in using, subscribing, and unsubscribing to the discussion
forums, please go to: http://www.netdynamics.com/support/visitdevfor.html
For dire need help, email: [EMAIL PROTECTED]
