I have a client who is deploying a simple affiliate program. Currently, if a visitor comes through the affiliate link, a cookie is set on a third-party domain that does the affiliate tracking.
If the person purchases something, a tracking pixel is fired that sends the record to the 3rd party domain.
Obviously this is completely insecure. If someone gets the IMG or JS code, they can just launch a bunch of sessions on different IPs and make those requests, and the affiliate software will record them as conversions.
The client has no ability to add any server-side code, so I can't do a simple server-to-server call.
Is there any way to create a secure solution using just an IMG or JavaScript? I think it's not possible, but maybe I'm not thinking of something.