> What do you consider the other 2 methods to be? I can think of > encoding it in the URL, and the server remembering the browser's IP > address. Are there others? HTTP authentication can also be used as a means of identifying a session. Hamish Lawson