Thanks for the response. I am not sure but I don't think that session variables are considered cookies - again, not sure. But the case I am talking about is in the time frame of seconds. My client is do the testing. He connects to the site goes through the login sequence and proceeds to execute page penetration. He then logs out closes the browser and then goes back into the site but specifies a page 3 levels past the login and gains access. I am using sessions variables to test the validity of page entry; if the email address is not present in the specified session variable which is stored after login I execute a "die" command to force exit from the site - granted not tippy toe! If the client attempts this procedure before an initial login he is thrown out of the site. This is only happening with Mozilla with no redirect specified as one of the operating parameters. I was under the impression that when a browser is closed ram was cleared on both client and server sides?
Originally Posted by ignorant