Hi,
I don't like the ident in the URL, this make messy URLs :) (I agree, is a matter of personal taste).

As in any case you have a script which filter your request, why don't use POST method and made the section id a hidden param?

This leave you with the problem to force the person to retape his password. But this could be achieved (for instance) by aving the script generating the Realm name on a per-session base, so that when the session timeout, you start a new one which implies sending a new realm name to the client, so forcing it to ask again the password to the user.

Disclaimer: I do not know if the above approach would work, nor if it is secure to do it.

Cheers

---

Leo TheHobbit
GED/CS d? s-:++ a+ C++ UL+++ P+++>+++++ E+ W++ N+ o K? !w O? M V PS+++
PE-- Y+ PPG+ t++ 5? X-- R+ tv+ b+++ DI? D G++ e*(++++) h r++ y+++(*)