Forum: Community Center


Subject: Site bug? Regarding session data and user info.

Questor opened this issue on Jul 29, 2004 · 17 posts


Questor posted Fri, 30 July 2004 at 3:27 PM

Sorry Lillian, I have to disagree with you. I regularly see the session data in my address bar and I do have cookies enabled. I've also had links sent to me from members here with their session data in the address, this includes long term members, we all get caught with it once in a while. Looking at my address bar now, the session data is in the address and cookies were not refused, rejected or blocked. So no, not going to accept that explanation.

How short a time is it before the session data expires? How long can a hostile member use that session data before it expires? I personally at one point last year spent several hours logged into this site without a repeat request for cookies. Provided the person using that session keeps it active by doing things, the site assumes that the member is active. If the session times out and you paste the session data back into the browser does the software recognise an out of date session or does it just say "ok, have fun"?

I'm not trying to be argumentative and quite frankly what I've found doesn't affect me in the slightest, I have no account or gallery on this site so nothing to lose, but a great many members do.

"We are looking into this."

I hope so, I really do. Because the implications for security are erm... unpleasant.

++Sunspot3D++ If you find a link in the forum, right click, copy address and paste that into a NEW browser window - not one logged into this site. My own experiments show that this method protects the session data from being passed to any servers you visit.
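The expiry questions raised in the post above, as an added example that is not part of the original thread and not this site's code: a server-side session check that honours the session ID only from a cookie, expires idle sessions, and caps total lifetime so activity cannot keep a session alive indefinitely. The names (SessionStore, authenticate, the "sid" key) and both timeout values are assumptions chosen for illustration.

```python
import secrets

IDLE_TIMEOUT = 15 * 60         # assumed: seconds of inactivity allowed
ABSOLUTE_LIFETIME = 8 * 3600   # assumed: hard cap, even for an active session


class SessionStore:
    """In-memory session table keyed by an unguessable random ID."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, now):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def validate(self, sid, now):
        """Return the user for a live session, or None if unknown or expired."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        idle = now - rec["last_seen"] > IDLE_TIMEOUT
        too_old = now - rec["created"] > ABSOLUTE_LIFETIME
        if idle or too_old:
            # Delete on expiry so a pasted-back ID is never accepted again.
            del self._sessions[sid]
            return None
        rec["last_seen"] = now  # activity resets the idle timer only
        return rec["user"]


def authenticate(store, cookies, query, now):
    """Resolve the current user from a request.

    `query` (the URL parameters) is deliberately never consulted: a session
    ID that arrives in a link or a pasted address carries no authority.
    """
    return store.validate(cookies.get("sid"), now)
```
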