I've done a similar thing having users to site B login which
authenticates the users by accessing a web-service on site A. You could also
have the web-service return if the user's IP is in your allowed set of IPs.
Greg
-----Original Message-----
From: Reed Powell [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 27, 2004 12:32 PM
To: CF-Talk
Subject: Control over HTTP_REFERER?
I've waited to the last minute on something that I thought was going to be
simple.
I'm working with a local genealogy society to allow their members to access
a research facility that the society subscribes to. The rules of the game
are that the society has to authenticate the users and limit the access to
just their members - they cannot open it up to the world. The research
facility uses the http_referer variable to determine if the request is
coming from the society's website.
Well, as far as I can tell, any means I use of sending the logged-in and
properly authenticated user to the research facility's site (HREF,
CFLOCATION, response.redirect) is going to have an http_referer value of the
user, not the website. Since the users can come from anywhere (home, work,
library, Aunt Matilda's, etc etc), there's no way I can see to send a list
of all possible user IPs to the research facility.
Any ideas on how to get out of this pickle? I don't think that CFHTTP is an
answer, since there is going to be a lot of cookie, _javascript_ and image
traffic between the user and the research site. I'm supposed to have this
up and running on 1-July!
Thanks
-reed
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
