Thanks for looking at the code, Simon!
Thanks also for the suggestions for code improvements.
As this snippet is "currently being worked at" they are quite
useful.
One thing, I don't want to follow is the cookie thingy. I started
this script especially to avoid the use of them because some people
don't want to allow them, so why force them if there is a way out of
it?
I also know, that I am reinventing the wheel :) but on the other hand
I wanted to create a secure login-procedure totally independent of
other people's code - but maybe I should better look at the modules
you suggested nevertheless.
This has been a good way to study a usertracking, so far. I'd appreciate
some security experienced people to say a word about the idea I am
following.
--

there are no silly questions killerhippy