but...
The trick to making this work right, I think, is making it successfully
self-service. A user has to have enough retries to get it thru their
thick skull that they forgot their password (I use 4 strikes).
The lockout has to expire on its own (use session vars and a session
timeout handles this nicely) and the "I forgot my password. Help me"
link has to be plainly displayed and easy to use -- and also
self-service.
There's a whole 'nother topic right there.
--------------------------------------------
Matt Robertson [EMAIL PROTECTED]
MSB Designs, Inc. http://mysecretbase.com
--------------------------------------------
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
