Its a good thing I posted this question. Folks are pointing the errors of my ways. Better to find out here than when things are live. Good points Jenda. I think I'm going back to the drawing board and reconsider the methods I am using.
Peace in Christ - Ron Goral [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> -----Original Message----- From: Jenda Krynicky [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 12:53 PM To: [EMAIL PROTECTED] Subject: Re: AOL and IP Address Changes From: [EMAIL PROTECTED] > In a message dated 8/13/03 9:46:29 AM Pacific Daylight Time, > [EMAIL PROTECTED] writes: > > I see, you have no control of over the redirect. Use the IP address > first and if it returns no match check for cookies. If the cookie > returns nothing then create an popup input box with javascript. I believe you should not be using the IP address at all. What do you do if two users using the same proxy (and therefore IP address) come to your pages at about the same time? Overwrite each others data? What if user A comes, fills in some data, you redirect him to VeriSign, some other user with the same IP comes, fills in another data, you redirect him to VeriSign as well and then they come back in any random order? If you use the IP address at least one of them has the wrong data. The IP may be useable on an intranet if you know the topology, but otherwise it's just an aproximate note in the logs. I would personaly insist on using cookies ... the number of people that are paranoid enough to turn them off completely is not that big and they usualy know what to do if you tell them that you need session cookies. And if the cookie is well formated, local to the server and doesn't try to get stored on disk there is no reason to block it. The only other solution I can think of is to use frames and JavaScript. That is you create a frameset (possibly completely invisible), store the session id the static frame, redirect in the other and when the user comes back to your pages you fetch the session from the static frame. The problem is that the people who turned of session cookies are the same ones who will turn of JavaScript. Jenda P.S.: It really surprises me that VeriSign doesn't let you attach a session id to their URL that would then be attached back to the return URL. ===== [EMAIL PROTECTED] === http://Jenda.Krynicky.cz ===== When it comes to wine, women and song, wizards are allowed to get drunk and croon as much as they like. -- Terry Pratchett in Sourcery -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
