Eric,

Are they accessing the site and then immediately emailing others the link? I would think if you tried to use a link where the user reference was more than X minutes old, that particular user reference would have expired. In other words, you shouldn't be able to use that link indefinitely.

How do you know if a particular user reference is valid?

IMHO, if they don't have session cookies turned on, they aren't living in this decade. Passing user references like this is a maintenance nightmare.

Mike

Eric Weidl wrote:
>
> Hi,
>
> Has anyone got any solutions for preventing session hijacking in Tango?
>
> To handle the possibility of a user having cookies turned off, we've made
> sure <@USERREFERENCEARGUMENT> is added to every URL. That solution has
> worked well, until recently.
>
> One of our customers copied a URL from the site and emailed it to a number
> of other people. Now, they are all sharing the same session and user
> variables.
>
> We've always known this could happen but, only with a recent increase in
> traffic on the site have two users come in during the same timeframe (and
> thus stomped on each other's variables).
>
> We've got a couple ideas about how to address the problem, but I'm
> wondering what other approaches others have taken.
>
> Thanks,
>
> Eric
>
> ________________________________________________________________________
> TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED]
> with unsubscribe witango-talk in the message body

--
Mike Tyranski
Lynch2
p: 847.608.6900
f: 847.608.9501
http://www.lynch2.com
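Added example, not part of the thread and not Witango code: a Python sketch of the idle-expiry check suggested in the reply, where `UserRefStore`, `IDLE_LIMIT` and the 15-minute value are assumptions. It shows that expiry keeps an old emailed link from reviving a session, while a link opened inside the window still lands in the same variables, which is the collision described in the original message.

```python
import secrets
import time

IDLE_LIMIT = 15 * 60  # assumed value for "X minutes"; the thread gives no number


class UserRefStore:
    """Server-side table of URL-carried user references with an idle timeout."""

    def __init__(self, idle_limit=IDLE_LIMIT, clock=time.monotonic):
        self.idle_limit = idle_limit
        self.clock = clock
        self.sessions = {}  # user reference -> {"last_seen": t, "vars": {}}

    def issue(self):
        ref = secrets.token_urlsafe(16)  # unguessable reference
        self.sessions[ref] = {"last_seen": self.clock(), "vars": {}}
        return ref

    def resolve(self, ref):
        """Return (ref, vars, reused); an unknown or expired ref gets a fresh session."""
        now = self.clock()
        entry = self.sessions.get(ref)
        if entry is None or now - entry["last_seen"] > self.idle_limit:
            self.sessions.pop(ref, None)  # expired state must not be revived
            new_ref = self.issue()
            return new_ref, self.sessions[new_ref]["vars"], False
        entry["last_seen"] = now  # sliding window: every hit extends the session
        return ref, entry["vars"], True


def demo():
    t = [0.0]  # fake clock so the example runs instantly
    store = UserRefStore(idle_limit=900, clock=lambda: t[0])
    ref = store.issue()
    _, customer_vars, _ = store.resolve(ref)
    customer_vars["cart"] = ["item-1"]  # constructed sample data

    t[0] = 300  # emailed link opened 5 minutes later: same session, same variables
    _, early_vars, early_reused = store.resolve(ref)

    t[0] = 300 + 901  # opened after the idle limit: separate, empty session
    late_ref, late_vars, late_reused = store.resolve(ref)
    return early_reused, early_vars is customer_vars, late_reused, late_ref != ref, late_vars
```

Because each request resets `last_seen`, recipients who keep clicking a shared link also keep it alive, so expiry narrows the sharing window without closing it.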
