URL sessions are more trouble than they're worth.  Now that the
initial cookie hysteria has diminished, it's more feasible to say
"turn on cookies or else".

One thing there is though is the session handler sending one cookie
and the identity handler sending another, rather than putting the
authenticated user in the session.  Is that so authentication is not
dependent on sessions?  It means that some browsers will bring up
multiple cookie dialogs for a site, alarming users.  ("Why does this
site need so many cookies?")

--
Mike Orr <[EMAIL PROTECTED]>
([EMAIL PROTECTED] address is semi-reliable)
