Sounds like you need to check two things here: 1) That they are coming from
the login page, and 2) That they have successfully logged in. If either one
of these criteria is false, they need to be sent back to the login page,
right?
I would think that once the user logs in successfully, you could store the
GUID in a session variable? Just perform a check on the first page that the
HTTP_REFERRER is correct and that they are logged in -- if so, set the
Session variable to the GUID on this page. On subsequent pages just check
that the Session variable exists and is set to the valid GUID (you can
either just check that the session variable actually exists, or for more
security check it's validity against the database).
That's how I'm understanding your question anyway... I wouldn't pass
confidential info. like a GUID via QueryString.
Thanks
"Rob" <ro****@hotmail.com> wrote in message
news:OB**************@TK2MSFTNGP10.phx.gbl...
Does anyone know a better way of doing this? The client just wanted 2
things...that the user comes from the login page and that the guid that
is passed to me matches a field in another database where we keep their
contact information.
Worse case scenario is that someone fake's the referer and has to
register for an event where he would have to pay online for this guy.
ROb
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!