[thelist] ASP, HTTP_REFERRER, Session questions

[aardvark]

> From: "Beau Hartshorne" <beau at members.evolt.org>
>
> Aardvark, Anthony thank you. This is what I think I should do:
> 
> Every page (except the login page) updates a Session object like so:

while not a bad approach, just keep in mind that users without 
cookies enabled, as well as users who have their sessions expire 
(by walking away, working, etc.) will not benefit from this 
approach...

the reason i remanded the URL variable to the query string and 
hidden fields is because it's completely friendly for all browsers, as 
opposed to just cookied or sessioned (making up new words) 
browsers...