I've got access to about 6 accounts because the users had their session_ids in their referer link and went to my page.. *shudder* use Cookie or die ("too unsecure");