Hi Dave, I implemented an authetication service + session manager that timed out (configurable value) authenticated sessions. But my session manager used a manager id in the url instead of a cookie.
I can provide something on monday or so .. this weekend i don't have access to my laptop :)
