in reply to Security in CGI and User Authentication
When member-only content is accessed, a second script, serveContent, is called, into which is passed the username, a crypted version of the password, and the page which the user is attempting to access, which again checks user authorisation and either displays the requested page or demands the user log in.
Please correct me if I am not interpreting your words correctly. From what I understand, your navigation frame loads the pages by opening in the display frame a URL of the form
If the tokens passed in the GET request are all you need to "authenticate" the user, then be aware that they may be stored in the browser's history and automatic completion, and may be passed as the Referer header to external sites accessed by the user from your pages.
A more correct (and standard) system requires passing to the client only a randomly generated token which is associated server-side with the userid. URLs become
Of course, this does not guarantee full security, but should be an improvement over your scheme.
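The session-token scheme described in this reply, as an added example that is not part of the original post and not the poster's own code: a login step validates the credentials once, creates a random token, and records the token-to-userid mapping on the server; the serveContent step then receives only the token and the requested page in the GET query, so neither the username nor the (crypted) password ever appears in a URL, the browser history, or a Referer header. The user table, page table, salt, session lifetime and the `/cgi-bin/serveContent` path are constructed for the example; a real deployment would use a purpose-built password hash (bcrypt, scrypt or argon2) and a persistent session store rather than an in-memory dict.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import urlencode

# Constructed sample user table: username -> salted SHA-256 of the password.
# (Hypothetical data; a real site would store a bcrypt/scrypt/argon2 hash.)
_SALT = b"constructed-static-salt"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


USERS: Dict[str, bytes] = {
    "alice": _hash_password("correct horse battery staple", _SALT),
}

# Constructed member-only pages served by serveContent.
PAGES: Dict[str, str] = {
    "members/news.html": "<h1>Members only</h1>",
}

# Server-side session store: token -> (userid, expiry timestamp).
# The client only ever sees the token; the userid stays on the server.
SESSIONS: Dict[str, Tuple[str, float]] = {}
SESSION_TTL = 15 * 60  # seconds; constructed value for the example


def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Check the credentials once; on success create a session and return its token."""
    now = time.time() if now is None else now
    stored = USERS.get(username)
    if stored is None:
        return None
    # Constant-time comparison so a wrong password is not distinguishable by timing.
    if not hmac.compare_digest(stored, _hash_password(password, _SALT)):
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[token] = (username, now + SESSION_TTL)
    return token


def lookup_session(token: str, now: Optional[float] = None) -> Optional[str]:
    """Map a token back to its userid, or None if unknown or expired."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(token)
    if entry is None:
        return None
    userid, expiry = entry
    if now >= expiry:
        del SESSIONS[token]  # drop stale sessions as they are seen
        return None
    return userid


def logout(token: str) -> None:
    """Invalidate a token server-side; the client cannot revive it afterwards."""
    SESSIONS.pop(token, None)


def content_url(token: str, page: str) -> str:
    """The URL the navigation frame opens: token and page only, no credentials."""
    return "/cgi-bin/serveContent?" + urlencode({"token": token, "page": page})


def serve_content(query: Dict[str, str], now: Optional[float] = None) -> Tuple[int, str]:
    """The serveContent script: authorise by token, then serve or demand login."""
    userid = lookup_session(query.get("token", ""), now)
    if userid is None:
        return 401, "login required"
    body = PAGES.get(query.get("page", ""))
    if body is None:
        return 404, "no such page"
    return 200, body


if __name__ == "__main__":
    tok = login("alice", "correct horse battery staple")
    print(content_url(tok, "members/news.html"))
    print(serve_content({"token": tok, "page": "members/news.html"}))
    logout(tok)
    print(serve_content({"token": tok, "page": "members/news.html"}))
```

Because the token is random and opaque, a leaked URL only exposes a short-lived session, not the account's credentials, and the server can end that exposure at any time by deleting the entry (logout or expiry). Carrying the token in a cookie instead of the query string would additionally keep it out of history and Referer headers, which is the usual next step beyond the scheme sketched in the reply.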
Re: Re: Security in CGI and User Authentication
by Anonymous Monk on Dec 04, 2002 at 01:27 UTC