Eric Cholet wrote: > Someone recently suggested to me the following solution, based on slightly > modified sessions. It involves sending a cookie that contains a new ID > with > each response. The server stores that ID keyed on the user's login name. > The next request from the client is expected to return that > cookie.
Sounds like an ordinary session to me. If you aren't logged, you must log in. Logging in clears all other sessions tied to this user ID. That should work fine. - Perrin