Hi,
Has anyone got any solutions for preventing session hijacking in Tango?
To handle the possibility of a user having cookies turned off, we've made
sure <@USERREFERENCEARGUMENT> is added to every URL. That solution has
worked well, until recently.
One of our customers copied a URL from the site and emailed it to a number
of other people. Now, they are all sharing the same session and user
variables.
We've always known this could happen but, only with a recent increase in
traffic on the site have two users come in during the same timeframe (and
thus stomped on each others variables).
We've got a couple ideas about how to address the problem, but I'm
wondering what other approaches others have taken.
Thanks,
Eric
________________________________________________________________________
TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED]
with unsubscribe witango-talk in the message body
