PDA

View Full Version : How did they do that

Freon22
06-03-2005, 03:53 PM
I know a site were all of their links are like the following. They did it this way to stop people from using the back button. What I am try to find out is how they do that. It looks like to me that they are using session ids somehow and hiding the link inside of a session. They then destroy the session and make a new one as soon as you click the link or when you refresh the page. I know they have to because if you use the back button then hit one of the links you get an error because that session was already destoryed. I have alway thought that this was a poor way to stop users from using the back button, But I still have to know how did they do it?


<a href="somesite.asp/loader.asp?sn=8bbb649edab20e8f86405f00093d0c96">Next Page</a>
Freon22
06-03-2005, 08:48 PM
Ok I think I know how they did that now. I am going to email him to make sure. But I think he is using a random password generator, it generators random numbers and letter like this. They then put the password into a variable when you click a link they use a case select and see which variable matchs and then they do a server.transfer to move you to the new page. If you use the back button then done of the variables will match and the else will send you to an error page.

Fixed length (10 characters) passwords
lQHs3WVji1
Kg5KA148ht
31wq5Llho6
ae48Pb6FE6
64Mo7SBfuY
Pc62Fy8MTp
8Aim72x1bN
fa8Tuw80Jn
1HXk0ONaa3
6Mt581Swn0
QkDWw66NUx
2Ktf7BY43X
Wr67vy23B1
7Hyl3XWs8U
d85rbmVIat
LFf0AVDg5S
cn1Ph76Gfb
01l25TJ41Q
jVu5Odj24q
81LW466evp
PKk4NQy16x


Random length passwords
h85Eo45JviLJk8JOrn2Uf11T
6Ad4OXJ0FDp5CCw88aD45Fk
21XevTVkd3
etWgr04EX53K
2Bhq5IWo47lm6DI38Rxi
BfuYPc62Fy8MTp8Aim72
EtnbLJl2Ag322vh4Vlf6Db
7Cx2CK
m81GCv3Trt30Hr5Pe57WT40Lj
1Dg23SvmQHt3
arPQgy1OmnU4r76Kqc2Iw
7Eh5TC
cl00is8Yo
1l2q7Ko
c66yk5Qf81Ol27LktJDQb
Oj34mq81Sw4Aqd0PP
N84PMn0NSu6LY32IXq8
x2KTf7BYl3XWs67vy24Bg7
0SarPQgy
DaoScn83AT42F00VDh5Scn1
BBis8yn2MWt40U

It does seem to be alot of work just to keep users from clicking the back button. :) In working on this I did find a very good ASP Random Password Generator. So if anyone needs one let me know and I will post the code for it.


<a href="somesite.asp/loader.asp?sn=8bbb649edab20e8f86405f00093d0c96">Next Page</a>