Cookieless sessions

  • Thread starter Thread starter Leigh
  • Start date Start date
L

Leigh

Hi

Using cookieless sessions, if a user copies a URL that
includes the embedded session ID and sends that to someone
else, i.e. via email, if that link is used within the
timeout period, they end up with the same session.

Is there a way to tell if the client using the URL and
embedded session ID is somebody different to client who
originally got the session?

Regards

Leigh
 
what about checking "AUTH_USER" ? in the er session variables i finks? or IP
address?
 
Hi,

You can use the user IP address in a LAN scenario or toggle a database field to check the user login status.

Bhaskardeep Khaund
Hi

Using cookieless sessions, if a user copies a URL that
includes the embedded session ID and sends that to someone
else, i.e. via email, if that link is used within the
timeout period, they end up with the same session.

Is there a way to tell if the client using the URL and
embedded session ID is somebody different to client who
originally got the session?

Regards

Leigh
 
-----Original Message-----
Hi,

You can use the user IP address in a LAN scenario or
Click to expand...
toggle a database field to check the user login status.
Hi

Thanks for the response. We thought about using the IP
but as this is an Intranet site, and a lot of people would
access via NAT from the same office, we would get the same
IPs from a lot of users.

Regards

Leigh
 
-----Original Message-----
what about checking "AUTH_USER" ? in the er session variables i finks? or IP
address?
Click to expand...

Hi

Will take a look at this, but last time we looked at this
Server variable it was an empty string.

Regards

Leigh
 
Back
Top