This would suck, but you could turn every link into a form. That way the ref wouldn't ben in the URL.
Mike Eric Weidl wrote: > > Hi, > > Has anyone got any solutions for preventing session hijacking in Tango? > > To handle the possibility of a user having cookies turned off, we've made > sure <@USERREFERENCEARGUMENT> is added to every URL. That solution has > worked well, until recently. > > One of our customers copied a URL from the site and emailed it to a number > of other people. Now, they are all sharing the same session and user > variables. > > We've always known this could happen but, only with a recent increase in > traffic on the site have two users come in during the same timeframe (and > thus stomped on each others variables). > > We've got a couple ideas about how to address the problem, but I'm > wondering what other approaches others have taken. > > Thanks, > > Eric > > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body -- Mike Tyranski Lynch2 p: 847.608.6900 f: 847.608.9501 http://www.lynch2.com ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
