14th March 19:52
Cookieless Authentication and Security
I have a question regarding Commerce Server in general regarding
Cookieless Mode and Security. Currently CS supports cookieless mode by
adding a profile ticket to the querystring. Now, as far as security
goes, if i send that link to my neighbor in an email which has my
profile ticket at the end of the querystring, my neighbor then loads
that into his browser, CS is able to pick up that's its a different
user, different browser, different computer, etc. and kick them back
out onto the login screen.
I was wondering if anyone can give me a high level explanation of how
CS does this? As much information would be most helpful.