Magic? Actually, you could use URL-rewriting or hidden forms, but anybody using your page could change the value from "0" to "1" to fool your code into thinking they'd logged on. They could also do the same with a cookie if they reverse engineered your cookie data (which is not hard). Best to use the Session object as that's stored server side, and, conveniently, goes away when the user does.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]