we have created a messaging structure for one of our sites. (i.e. a hotmail style inbox, etc)
Now we want to avoid url hacking with the view message page. To avoid this we are looking at encrypting the querystring to avoid the hacking (or another solution if you can recommend a better one).
So the user would login (the site is using auth=form) (here we would ceate an unique encryption key and store in a session??)
the user would then go to their inbox and when they click to view the whole message we will encrypt the data, pass o the view message page and decode to load it.
Can anyone provide some code (or links) for this please?
Also one problem I envisage is with the sesson variables timig out before the auth=forms does? is there any precautions I can take to completely remove this issue?
thanks in advance for the help guys.