> Yep -- I don't think the consequences of stealing an lwn.net session > cookie would be disastrous. (Jon?) That's not the case for all sites. It would let somebody access another's subscription or, worse, post comments in somebody else's name. That's about the worst of it. For me, that's bad enough, and I really wanted to take the obvious step to keep it from happening. The problem is that the readers see an LWN login as a low-security thing, and they have made it pretty clear that they would rather it persisted across an IP address change. Given the level of potential consequences, I decided it was better to opt for convenience in this case. If I were doing an online banking application, I would have chosen differently. jon Jonathan Corbet Executive editor, LWN.net corbet@lwn.net