ok I have [code]session_start(); [/code] at the top of every page of the site... The session lifetime is set to 1 hour On successful log-in, I assign [code]$_SESSION['userid']=$ID; [/code] So it means if $_SESSION['userid'] is set, then the user has logged in.. The problem is, after I log-in, I can still open another brower windows and log-in as another user. Apparently, Seperate Session variables are created by different browser windows. I can log-in as different users by opening new windows on the same computer... It's complicated Help!!