no i mean this domain scope table has 2 columns, It stores user reference and IP.
when a user logs in legitamately, it makes an entry of their IP and their user reference number in this table. whenever anyone accesses a page, it looks in this table for the user reference they gave and compares that IP address with their IP address. If the user reference isnt in the table, that means you boot em to login. If the user ref is in the table but the IP in the table doesnt match the persons IP, you boot em to login if the user ref is in the table and the IPs match, your good to go. make sense? ----- Original Message ----- From: "Roland A. Dumas" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, October 07, 2003 3:25 PM Subject: Re: Witango-Talk: resetting userreferencecookie > yes, that would be creating my own user scope, wouldn't it? > > On Tuesday, October 7, 2003, at 03:08 PM, Alan Wolfe wrote: > > > Not sure how relevant or helpful this is but you could make a domain > > scope > > array to store user references and the IP associated with the user > > reference. > > > > In every taf at the top you look up the IP based on the usr ref they > > give > > and if theres no entry or the IP doesnt match their real IP, you boot > > em to > > the login. > > > > ----- Original Message ----- > > From: "Roland A. Dumas" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, October 07, 2003 3:00 PM > > Subject: Re: Witango-Talk: resetting userreferencecookie > > > > > >> > >> On Tuesday, October 7, 2003, at 02:11 PM, Scott Cadillac wrote: > >> > >>> > >>> > >>> In theory you should be able to "reset" the memory space for the User > >>> Variables with the new key value - but my guess is just that nobody > >>> has > >>> taken it this far before, so the Server design might not accommodate > >>> it. > >>> Just a guess of course... > >>> > >>> > >> > >> > >> this is lower level than I can comprehend. Memory spaces and all. > >> > >> If someone comes in and joins a session, I want to bounce him out. > >> Maybe not kill the session, because it might belong to a real person. > >> By checking my local session cookie, I can tell if the person logged > >> on > >> properly or just came running into a page or function without passing > >> 'go'. > >> > >> If I see someone hasn't logged on, I can trap him into a logon > >> sequence > >> easily, BUT, he's still joined the session he barged in on. I can't > >> push him out of it. If I can't push the interloper out of a session, > >> then I want to kill the whole session. When the subject matter is > >> money, identity, or personal information, privacy & security are > >> paramount. I'm just trying to eliminate open doors. > >> > >> (I'd think this would be of general concern - how to bullet proof your > >> sessions) > >> > >> ______________________________________________________________________ > >> __ > >> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf > > > > _______________________________________________________________________ > > _ > > TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf > > > > ________________________________________________________________________ > TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
