This will prevent users from having more than one session at a time for sure. You would probably want to remove the id from the list when a duplicate is detected to prevent users from having to wait for their initial session to timeout in the event that they closed their browser without properly logging out. You would also need to keep the session id in this list so that you can invalidate the session that is related to the id.
This of course would drop the original session and in the event that two people were using the same ID it would become a nuisence for the first user to login (they would loose their session). You would want to make sure to log this event for auditing purpose as well. Did I miss anything? -- Virtually, Andre Van Klaveren Architect III, SCP Enterprise Transformation Services Unisys Corporation --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]