Quoting Laura McCord <mccordl at southwestern.edu>: > Won't this leave us completely open to session hijacking if I set it to > false? It makes you _more_ vulnerable, but not completely. It's just one of a number of protections. -chuck -- "we are plastered to the windshield of the bus that is time." - Chris