Like the original poster, I am also interested in login control. In the text above, you speak of cookie use to time out or control user login. My question is has anyone done this in practice. We are building a community portal that will be accessed in public libraries and technology access centers. Novice users will forget to logout and people may post potentially explosive comments in other peoples names. We are looking to control user login from a slightly different perspective to avoid this. My apologies if this post should really have gone in a new thread, but you all seemed to be pointing this way. Does anyone have input or sugestions from this perspective on login control? Thanks if you can give assistance.