rory, ><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< > From: Rory.Plaire at wahchang.com > > Perhaps, also, as Mark Nickel was talking about, there > is the possibility of writing an apache module to handle > this, so the cookies don't ever get to the application > server, but can authenticate through the web server... ><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< this doesn't solve the problem of a malicious m.e.o. account holder reading the cookies with javascript. thanks, .jeff http://evolt.org/ jeff at members.evolt.org http://members.evolt.org/jeff/