Session Variables (was Login/Password screen)

2002-12-13 Thread Andy Ousterhout
What do you mean, maintained on the client? -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 7:44 AM To: CF-Talk Subject: RE: Login/Password screen Quoting Craig Dudley [EMAIL PROTECTED]: Create a session variable, set it to 0, and

Re: Session Variables (was Login/Password screen)

2002-12-13 Thread Bruce Sorge
That means that a cookie is created on the client machine. - Original Message - From: Andy Ousterhout [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, December 13, 2002 7:56 AM Subject: Session Variables (was Login/Password screen) What do you mean, maintained

Re: Session Variables (was Login/Password screen)

2002-12-13 Thread Jochem van Dieten
Quoting Andy Ousterhout [EMAIL PROTECTED]: What do you mean, maintained on the client? The client has to send the CFID and CFToken. If the client doesn't do that, the server will not be able to associate the appropriate session variables with the client request. That is not a problem when

RE: Session Variables (was Login/Password screen)

2002-12-13 Thread Andy Ousterhout
Email, click on link, or otherwise re-activate their account. 3. What else... Andy -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 8:05 AM To: CF-Talk Subject: Re: Session Variables (was Login/Password screen) Quoting Andy

RE: Session Variables (was Login/Password screen)

2002-12-13 Thread Kola Oyedeji
-Original Message- From: Andy Ousterhout [mailto:[EMAIL PROTECTED]] Sent: 13 December 2002 15:24 To: CF-Talk Subject: RE: Session Variables (was Login/Password screen) Ok, let me restate to be sure that I understand... The security issue for counting login attempts is that a User can

RE: Session Variables (was Login/Password screen)

2002-12-13 Thread Joe Eugene
: Jochem van Dieten [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 8:05 AM To: CF-Talk Subject: Re: Session Variables (was Login/Password screen) Quoting Andy Ousterhout : What do you mean, maintained on the client? The client has to send the CFID and CFToken. If the client

RE: Session Variables (was Login/Password screen)

2002-12-13 Thread Andy Ousterhout
-Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 8:05 AM To: CF-Talk Subject: Re: Session Variables (was Login/Password screen) Quoting Andy Ousterhout : What do you mean, maintained on the client? The client has to send the CFID

RE: Session Variables (was Login/Password screen)

2002-12-13 Thread Ken Wilson
Tracking failed logon attempts to IP address. But that dictates that everyone has a unique IP address which is frequently not the case in one of my current apps. If you rely on IP, you're subjecting all other users with the same IP to being locked out. Ken

RE: Session Variables (was Login/Password screen)

2002-12-13 Thread Ken Wilson
Once a valid User ID has been entered, track unsuccessful attempts Ahh, helps to read and comprehend your idea to its conclusion... never mind. Ken

Re: Session Variables (was Login/Password screen)

2002-12-13 Thread Jochem van Dieten
Andy Ousterhout wrote: Ok, let me restate to be sure that I understand... The security issue for counting login attempts is that a User can continue attempts so long as they remove CFID Token from the URL and turning off / deleting cookies. This can be countered by: 1. Tracking failed

RE: Session Variables (was Login/Password screen)

2002-12-13 Thread Tony Weeg
workforce monitoring, mapping reporting www.navtrak.net 410.548.2337 -Original Message- From: Andy Ousterhout [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 11:08 AM To: CF-Talk Subject: RE: Session Variables (was Login/Password screen) Joe, Not all Users allow cookies. I

Re: Session Variables (was Login/Password screen)

2002-12-13 Thread Jochem van Dieten
Kola Oyedeji wrote: I think I've been down this path before. I'm not sure if this is still the case but in some instances such as AOL browsers, users can actually have a different IP address per request. As I said that was a while ago so I'm not sure if that still stands. Can anyone confirm

RE: Session Variables (was Login/Password screen)

2002-12-13 Thread Tony Weeg
, Inc. Mobile workforce monitoring, mapping reporting www.navtrak.net 410.548.2337 -Original Message- From: Andy Ousterhout [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 11:08 AM To: CF-Talk Subject: RE: Session Variables (was Login/Password screen) Joe, Not all Users allow

RE: Session Variables (was Login/Password screen)

2002-12-13 Thread Jebmail
13, 2002 10:01 AM To: CF-Talk Subject: RE: Session Variables (was Login/Password screen) Why not simply write a cookie out.. if NOT defined for the application For every login attempt, increment cookie value+1 if exceeds 3 whatever.. switch app mode to whatever you want... I

RE: Session Variables (was Login/Password screen)

2002-12-13 Thread paul smith
??? How about using the URL to maintain state? The big advantage of cookies is to simplify/eliminate subsequent logins / and simplify coding. Forta's books have forever shown how to test to see if user allows cookies and if not pass state in URL. best, paul At 09:20 AM 12/13/02 -0800, you