Hi Stefan, > It seems to me then that the system would be more secure if the > Witango server always assigns a new userref when encountering > an old expired one when cookies are off rather than reusing the old > one. > Does this make sense to anyone?
No. Your solution is more complex that it needs to be. The Witango server should never, under any condition, be concerned that cookies are disabled. Your code, on the other hand, may want to be concerned with cookies - but that's another matter. > It would be great if With joins in at some point and explains how > the server actually is designed to work in these scenarios. I can't speak for them, but I can tell you they have been involved more than once in this discussion (which we've had more than once). The conclusion, as best as I can summarize (and the way I see it), is: The <@USERREFERENCEARGUMENT> metatag has been depreciated to a level of functionality that provides some user convenience but nothing more - and that newer versions of the Witango Server architecture gives this metatag a lower level of precedence during session evaluation. Basically, stop using <@USERREFERENCEARGUMENT>. ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
