Msg#: 3360481 posted 9:25 pm on Jun 6, 2007 (gmt 0)
I agree that session variables would work best.
You could also write two functions, one on your client's site to encrypt the variables, and on on your site to decrypt the variables so you can read them. This way, you could use get and it would be pretty secure (someone could always study many links and eventually figure out your encryption algorithm).
Msg#: 3360481 posted 11:42 pm on Jun 6, 2007 (gmt 0)
Welcome to WebmasterWorld, Beagle423!
I believe that session variables reside on a server, so their session variables wouldn't be visible to your site.
I would recommend their login process send a [changing] validation key along with an identifier (the user's signin name or an id number) to your site via curl [php.net]. Your site would store the info in a database table. Their link would send the key as part of the url (yoursite.com?link=2112), then you look it up to see if it's "registered" and who it is. If you also store the time that it was curled to you, you could implement a timeout - for example, if someone asks for a key that was indeed valid but was submitted 2+ hours ago, you delete it and make the visitor log in or send him/her back to the client's login page.