Sure, you can check their ip if you know its going to be unique(not neccessarily true accross firewalls). You can keep a random var cookie on their machine which matches a session or client var on the server, if they dont match or it doesnt exist, then they swapped links. DRE
-----Original Message----- From: Hoag, Claudia (LNG) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 21, 2002 8:19 AM To: CF-Talk Subject: sharing sessions due to url.cfid and url.token I'm trying to think of a way not to allow people to inadvertedly share a session by sending each other a url with their cfid and cftoken in it. Of course we can just make sure that those are not passed as url parameters, but I'm thinking if there's a way to check if this is a session initiated by someone else. Do you guys have any ideas? Thanks ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
