Not sure how relevant or helpful this is but you could make a domain scope array to store user references and the IP associated with the user reference.
In every taf at the top you look up the IP based on the usr ref they give and if theres no entry or the IP doesnt match their real IP, you boot em to the login. ----- Original Message ----- From: "Roland A. Dumas" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, October 07, 2003 3:00 PM Subject: Re: Witango-Talk: resetting userreferencecookie > > On Tuesday, October 7, 2003, at 02:11 PM, Scott Cadillac wrote: > > > > > > > In theory you should be able to "reset" the memory space for the User > > Variables with the new key value - but my guess is just that nobody has > > taken it this far before, so the Server design might not accommodate > > it. > > Just a guess of course... > > > > > > > this is lower level than I can comprehend. Memory spaces and all. > > If someone comes in and joins a session, I want to bounce him out. > Maybe not kill the session, because it might belong to a real person. > By checking my local session cookie, I can tell if the person logged on > properly or just came running into a page or function without passing > 'go'. > > If I see someone hasn't logged on, I can trap him into a logon sequence > easily, BUT, he's still joined the session he barged in on. I can't > push him out of it. If I can't push the interloper out of a session, > then I want to kill the whole session. When the subject matter is > money, identity, or personal information, privacy & security are > paramount. I'm just trying to eliminate open doors. > > (I'd think this would be of general concern - how to bullet proof your > sessions) > > ________________________________________________________________________ > TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
