> Can anyone point me to a possible solution for this? 1. Use SSL. 2. Throw away an existing session id, if a user authenticated successfully (e.g. destroy the old session, and copy the data into a new one). 3. Provide a logout button which destroys the session.
- Sascha -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php