Hi Stefan, > Your examples are clear assuming that the Witango server doesn't care > that a userref has expired and just reuses it. To me, that is where the > problem > lies. If session cookies are disabled, the server should still be able > to > determine > that UserRefA was an old expired one and assign a brand new one. This > would > make all of the scenarios secure and usable without having to jump > through > programming hoops nor stop using @userreferenceargument.
To actually accomplish what you're proposing likely involves some form of URL rewriting - you're just introducing a different set of hoops to jump through. No thanks. Through all the hoops away, and just stop using <@USERREFERENCEARGUMENT>. ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
