you always receive from paypal information (you should have something in $_POST or $_GET) so you can actually identify who it was, so it would be easy to simply say that if you don't have the information sent then you don't show the page. I don't recall exactly how this principal works but it was something like that. On 3 July 2011 18:32, Kirk Bailey <kbailey@xxxxxxxxxxxxxxxx> wrote: > OK, I want to send someone back from paypal to a thank you page; this > reloads to the actual file they will purchase. BUT, I want to include a > magic cookie that will prevent someone else from going to that url at a > later time and getting the payload without paying for it. Any thoughts on > how to build a secure vendobot? Let's discuss this in this thread. > > -- > end > > Very Truly yours, > - Kirk Bailey, > Largo Florida > > kniht > +-----+ > | BOX | > +-----+ > think > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
