Quoting Craig Dudley <[EMAIL PROTECTED]>:
>
> Create a session variable, set it to 0, and after every failed
> login attempt increment it by 1, if it reaches 3, don't show the login
> screen but a locked out screen instead. After their session times out,
> they will be able to try again however.

Sessions, although stored on the server, are maintained on the client. Ergo, insecure. Use an IP address.

Jochem
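
An added example, not part of the original messages: the two counters discussed in this exchange, written in Python, showing that a session-keyed count restarts whenever the client does not return its session cookie, while a count keyed by the address the server observes does not. The class names, the 1200-second window and the address 192.0.2.10 are constructed for illustration.

```python
import secrets

MAX_FAILURES = 3          # threshold from the quoted suggestion
LOCKOUT_SECONDS = 1200    # assumed window, standing in for the session timeout


class SessionCounter:
    """Failed-login counter stored in the session, found via the client's cookie."""

    def __init__(self):
        self.sessions = {}                      # session id -> failure count

    def failed_login(self, cookie, ip, now):
        if cookie not in self.sessions:         # missing or unknown cookie: new session
            cookie = secrets.token_hex(8)
            self.sessions[cookie] = 0
        self.sessions[cookie] += 1
        return cookie, self.sessions[cookie] >= MAX_FAILURES


class IpCounter:
    """Failed-login counter keyed by the address the server itself observes."""

    def __init__(self):
        self.failures = {}                      # ip -> (count, time of first failure)

    def failed_login(self, cookie, ip, now):
        count, first = self.failures.get(ip, (0, now))
        if now - first >= LOCKOUT_SECONDS:      # window expired: start over
            count, first = 0, now
        self.failures[ip] = (count + 1, first)
        return cookie, count + 1 >= MAX_FAILURES


def simulate(tracker, keep_cookie, attempts=5, ip="192.0.2.10"):
    """Return the lockout flag after each failed attempt from one client."""
    cookie, flags = None, []
    for second in range(attempts):
        new_cookie, locked = tracker.failed_login(cookie, ip, now=second)
        cookie = new_cookie if keep_cookie else None   # None = cookie not returned
        flags.append(locked)
    return flags
```
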