The way that I have done this in the past is to set a cookie after the initial authentication. On all pages that require authentication you check for the cookie and validate that it hasn't been tampered with. If this check fails you redirect the user to the login page. To prevent tampering you can 'sign' the cookie with a hash value (You might want to use the MD5 module for this) and then verify the data with the signature.
Peter C. "Two bits is exactly one fourth of eight bits" -Krang -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
