> Correct! Problem is that I have been given explicit instructions to not > use cookies to do this. The only way I can think of doing it without > using cokkies is to pass at least one variable from page to page so the > scripts know who the user is. Getting them to the user index page with > links to the tools without knowing what the ID is was my main focus. I did > this using hidden input type variables so it's not included on the URL > when they get there. I could continue to do so if I were using all <form> > based links but the value could still be seen in the source for the page.
If that's the way you have to do it, then make the ID that identifies the user something very hard to guess. Take a look at uniqid() in the PHP manual. Assign the user a unique id after they supply the correct username and password, and then pass that value around in the URLs. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
