What do you mean, maintained on the client?
-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 7:44 AM
To: CF-Talk
Subject: RE: Login/Password screen
Quoting Craig Dudley [EMAIL PROTECTED]:
Create a session variable, set it to 0, and
That means that a cookie is created on the client machine.
- Original Message -
From: Andy Ousterhout [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Friday, December 13, 2002 7:56 AM
Subject: Session Variables (was Login/Password screen)
What do you mean, maintained
Quoting Andy Ousterhout [EMAIL PROTECTED]:
What do you mean, maintained on the client?
The client has to send the CFID and CFToken. If the client doesn't do
that, the server will not be able to associate the appropriate session
variables with the client request. That is not a problem when
Email, click on link, or otherwise
re-activate their account.
3. What else...
Andy
-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 8:05 AM
To: CF-Talk
Subject: Re: Session Variables (was Login/Password screen)
Quoting Andy
-Original Message-
From: Andy Ousterhout [mailto:[EMAIL PROTECTED]]
Sent: 13 December 2002 15:24
To: CF-Talk
Subject: RE: Session Variables (was Login/Password screen)
Ok, let me restate to be sure that I understand...
The security issue for counting login attempts is that a User can
: Jochem van Dieten
[mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 8:05 AM
To: CF-Talk
Subject: Re: Session Variables (was
Login/Password screen)
Quoting Andy Ousterhout :
What do you mean, maintained on the client?
The client has to send the CFID and CFToken. If
the client
-Original Message-
From: Jochem van Dieten
[mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 8:05 AM
To: CF-Talk
Subject: Re: Session Variables (was
Login/Password screen)
Quoting Andy Ousterhout :
What do you mean, maintained on the client?
The client has to send the CFID
Tracking failed logon attempts to IP address.
But that dictates that everyone has a unique IP address which is
frequently not the case in one of my current apps. If you rely on IP,
you're subjecting all other users with the same IP to being locked out.
Ken
Once a valid User ID has been entered, track unsuccessful attempts
Ahh, helps to read and comprehend your idea to its
conclusion...never mind.
Ken
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Andy Ousterhout wrote:
Ok, let me restate to be sure that I understand...
The security issue for counting login attempts is that a User can continue
attempts so long as they remove CFID Token from the URL and turn off /
deleting cookies. This can be countered by:
1. Tracking failed
workforce monitoring, mapping reporting
www.navtrak.net
410.548.2337
-Original Message-
From: Andy Ousterhout [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 11:08 AM
To: CF-Talk
Subject: RE: Session Variables (was Login/Password screen)
Joe,
Not all Users allow cookies. I
Kola Oyedeji wrote:
I think I've been down this path before. I'm not sure if this is still
the case but in some instances such as AOL browsers, users can actually
have a different IP address per request. As I said that was a while ago
so I'm not sure if that still stands. Can anyone confirm
, Inc.
Mobile workforce monitoring, mapping reporting
www.navtrak.net
410.548.2337
-Original Message-
From: Andy Ousterhout [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 11:08 AM
To: CF-Talk
Subject: RE: Session Variables (was Login/Password screen)
Joe,
Not all Users allow
13, 2002 10:01 AM
To: CF-Talk
Subject: RE: Session Variables (was
Login/Password screen)
Why not simply write a cookie out.. if NOT
defined for the application
For every login attempt, increment cookie
value+1
if exceeds 3 whatever.. switch app mode to
whatever you want...
I
??? How about using the URL to maintain state?
The big advantage of cookies is to simplify/eliminate subsequent logins /
and simplify coding.
Forta's books have forever shown how to test to see if user allows cookies
and if not pass state in URL.
best, paul
At 09:20 AM 12/13/02 -0800, you
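Added example, not part of any message in this thread: a Python sketch of the point discussed above, contrasting a failed-login counter stored in the session (selected by a client-supplied token such as CFID/CFToken) with one stored on the server per user ID. The class names, function names and the sample user are hypothetical and constructed for illustration.

```python
import secrets

MAX_FAILURES = 3  # the thread's "if exceeds 3" threshold
USERS = {"andy": "correct-horse"}  # constructed sample; real stores hold hashes

class SessionKeyedLimiter:
    """Failure count lives in the session, which the client picks via its token."""
    def __init__(self):
        self.sessions = {}  # session token -> failed attempts

    def login(self, token, user, password):
        # No token sent (cookies off, CFID/CFToken stripped): a new session starts.
        if token not in self.sessions:
            token = secrets.token_hex(8)
            self.sessions[token] = 0
        if self.sessions[token] >= MAX_FAILURES:
            return token, "locked"
        if USERS.get(user) == password:
            return token, "ok"
        self.sessions[token] += 1
        return token, "denied"

class AccountKeyedLimiter:
    """Failure count lives on the server, keyed by user ID."""
    def __init__(self):
        self.failures = {}  # user ID -> failed attempts

    def login(self, user, password):
        if user not in USERS:
            return "denied"  # count only once a valid user ID has been entered
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"  # stays locked until the account is re-activated
        if USERS[user] == password:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"

def evaluated_without_token(n):
    """Wrong guesses the session-keyed check evaluates when no token is ever sent."""
    lim = SessionKeyedLimiter()
    return sum(lim.login(None, "andy", f"guess{i}")[1] == "denied" for i in range(n))

def evaluated_per_account(n):
    """Wrong guesses the account-keyed check evaluates before locking."""
    lim = AccountKeyedLimiter()
    return sum(lim.login("andy", f"guess{i}") == "denied" for i in range(n))
```

The account-keyed counter does not depend on cookies, URL tokens or the client's IP address, so it is unaffected by the shared-IP and changing-IP concerns raised in the thread.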