Thanks for the detailed explanation Andy. I added HttpOnly cookies and another config option for secure cookies. This option is on by default and can be disabled when only the login should be protected by SSL. -- splitbrain.org -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist