It would be possible to do this if I then created another table to load their profile data to and use the unique id as the identifier. It would make it alot harder for someone to guess an ID. I would then need a way to flush out their records from the second table when they are finished. Easily enough done using a logout script but who actually does this anymore. It would be possible to create a script to run through cron to delete records from that table that are more than say 30 minutes old.
Good idea, thanks. Ed > > If that's the way you have to do it, then make the ID that identifies > the user something very hard to guess. Take a look at uniqid() in the > PHP manual. Assign the user a unique id after they supply the correct > username and password, and then pass that value around in the URLs. > > ---John Holmes... > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php