Cookieless sessions

[Leigh]

Hi

Using cookieless sessions, if a user copies a URL that
includes the embedded session ID and sends that to someone
else, i.e. via email, if that link is used within the
timeout period, they end up with the same session.

Is there a way to tell if the client using the URL and
embedded session ID is somebody different to client who
originally got the session?

Regards

Leigh

 

[evolve]

what about checking "AUTH_USER" ? in the er session variables i finks? or IP
address?

 

[Bhaskardeep Khaund]

Hi,

You can use the user IP address in a LAN scenario or toggle a database field to check the user login status.

Bhaskardeep Khaund
Hi

Using cookieless sessions, if a user copies a URL that
includes the embedded session ID and sends that to someone
else, i.e. via email, if that link is used within the
timeout period, they end up with the same session.

Is there a way to tell if the client using the URL and
embedded session ID is somebody different to client who
originally got the session?

Regards

Leigh

 

[Guest]

-----Original Message-----
Hi,

You can use the user IP address in a LAN scenario or

toggle a database field to check the user login status.
Hi

Thanks for the response. We thought about using the IP
but as this is an Intranet site, and a lot of people would
access via NAT from the same office, we would get the same
IPs from a lot of users.

Regards

Leigh

 

[Guest]

-----Original Message-----
what about checking "AUTH_USER" ? in the er session variables i finks? or IP
address?

Hi

Will take a look at this, but last time we looked at this
Server variable it was an empty string.

Regards

Leigh