associates that session with that client, therefore, the spider appears
to be a valid client. Once it has the session, what keeps it from
posting a million times on that session? CF has to set something on the
client (cookie or token or something) to keep the session alive, and
couldn't the browser/spider spoof that?
John
-----Original Message-----
From: Bryan F. Hogan [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:16 AM
To: CF-Talk
Subject: Re: cfmx and CAPTCHA
A session value passes in a HTTP header?
Burns, John D wrote:
> I don't think he's saying that the spider can _read_ the session var,
> but if you set one and it is passed to the next page, the spider will
> have it and then all it needs to do is figure out the image.
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
