Since my client won't allow me to use cookies (long story) I use a Session table with a record for each active client. The session record is updated with each hit on the site by storing the Session ID in a hidden variable.
There's an automatic logout if 30 min. goes by without any activity on the session. The time can be set by each of the end-user companies. Timed out records are recycled.
HTH
Barbara
>I am working on a front end for our VFP app using West Wind and have to add some level of security. I need to get the user name and password obviously and keep track that that person was logged in. When they leave the site I need to log them out.
>
>What means to people usually use for this. I realize I could probably use cookies to do this but I am not sure about logging them out.
>
>Any ideas?