Unfortunately this may exclude AOL users that can end up getting different IP addresses per request because of the proxy setup they have.
On 7/17/07, Claude Schneegans <[EMAIL PROTECTED]> wrote: > > >>supposing a hacker generates a valid session on a site, then invites > others to click on a link with the same cfid cftoken on the url > > Keep the IP address of the one who created the session in the session > variables, then refuse > any other connection in the same session from another IP. > > -- > _______________________________________ > REUSE CODE! Use custom tags; > See http://www.contentbox.com/claude/customtags/tagstore.cfm > (Please send any spam to this address: [EMAIL PROTECTED]) > Thanks. > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| CF 8 â Scorpio beta now available, easily build great internet experiences â Try it now on Labs http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs_adobecf8_beta Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:283914 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
