Todd, > realizing that ultimately people can share their username/password to > a for-fee protected web site, we would at *least* like to avoid the > possibility that two people could both be logged in at the same time > from two different computers. the use of IP address doesn't seem > adequate since many users come through a router/proxy running NAT.
You can set a session (see Apache::Session and related modules) that can use the uri as session-container as well (eg http://www.example.com/9o79876a98d7fa98d7/path/to/doc). The session part (9o79876a98d7fa98d7) can be stored in a database. Success. --Frank