>>Actually I am using cookies (default for asp.net forms authentication). Not sure what dimension I was in for my previous response.
>
>Ok, so this is the same result as a custom ASP.NET form for authentication. As I do here, I have a login, that creates the cookie, and it persists for as long as the browser is opened, assuming the checkbox is not checked. On your end, did you have any problem with browser having too much security forcing you to offer support to the client's side asking them to lower their security or add your site to their list of trusted sites?

That hasn't been an issuefor our clients, since most of their authenticated work is done with machines where they control the browser settings.

You can use the cookieless option for forms authentication which *should* automatically add state info to the url if the browser doesn't allow cookies. I haven't tried that IIRC.

>
>For example, this is what I have:
>
>http://www.levelextreme.com/ViewPageGenericCookieVerification.aspx