On 2/15/07, Matt Robertson <[EMAIL PROTECTED]> wrote: .... > His solution is ... well ... mind-boggling. In theory it should work.
In theory, it's exactly the same thing as using tokens. So you change it with every request-- you've still got to get the old token in! Lots of added complexity for the same end result. Why not use your own token (thus avoiding same IP/etc. combos) and use some stuff to make sure it's the same IP with each request, etc., so it'll be a little bit protected from session stealing? Something along those lines perhaps... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269967 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
