The hole I see in the intended implementation. We are not maintaining a session with the web server, nor are we rewriting any links in the returned page with the user information. This means any link returned by the page will have NO user information, so clicking the link will be seen by the web server as a request from an anonymous user.
Is this a problem? Paul Spencer -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
