What you could do is that you could store some sort of a hash on the server (e.g. md5).
On login you build this hash, and on every other request you rebuild that hash and check it with the original value. The hash could be built from the IP & User Agent & whatever you have in mind. It would be very hard for two computers to have all these identical.

BUT! I recommend against this, since people using clustered proxies will not be able to use your application. Clustered proxies tend to change the IP & user agent on every request. This means that you shouldn't even protect the session with an IP address.

Ammar

_______________________________________________
Jordan PHP Users Group
http://php.jolug.org/
Php mailing list
[email protected]
http://mail.jolug.org/mailman/listinfo/php_jolug.org
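The check described in the message above, as an added example that is not part of the original post: the fingerprint is stored at login and rebuilt on each request, and the constructed sample requests show the proxy case the message warns about. The function names, the secret and the request values are hypothetical, and HMAC-SHA256 with a server-side secret is used in place of the bare md5 the message mentions.

```php
<?php
// Added example, not code from the original post. Function names and
// sample request values are hypothetical.

// Build the fingerprint from request attributes (IP and User-Agent here).
function session_fingerprint(array $server, string $secret): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    // Length-prefix each field so different (ip, ua) pairs cannot
    // produce the same joined string.
    $material = strlen($ip) . ':' . $ip . '|' . strlen($ua) . ':' . $ua;
    // Swapped-in technique: HMAC-SHA256 instead of a plain md5 digest.
    return hash_hmac('sha256', $material, $secret);
}

// On login: store the fingerprint in the session.
function bind_session(array &$session, array $server, string $secret): void
{
    $session['fingerprint'] = session_fingerprint($server, $secret);
}

// On every other request: rebuild the hash and compare in constant time.
function session_matches(array $session, array $server, string $secret): bool
{
    if (!isset($session['fingerprint']) || !is_string($session['fingerprint'])) {
        return false;
    }
    return hash_equals($session['fingerprint'], session_fingerprint($server, $secret));
}

// Constructed sample requests (documentation IP ranges).
$secret  = 'constructed-demo-secret';
$login   = ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
$proxied = ['REMOTE_ADDR' => '192.0.2.11',   'HTTP_USER_AGENT' => 'ExampleBrowser/1.0']; // same user, next proxy node
$other   = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_USER_AGENT' => 'OtherBrowser/2.0'];

$session = [];
bind_session($session, $login, $secret);

$cases = ['same client' => $login, 'same user, other proxy node' => $proxied, 'different client' => $other];
foreach ($cases as $label => $request) {
    printf("%-30s %s\n", $label, session_matches($session, $request, $secret) ? 'accepted' : 'rejected');
}
```

In a web application the `$session` and `$server` arguments would be `$_SESSION` and `$_SERVER`; plain arrays are used here so the script runs from the command line.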
