http://www2.csoonline.com/exclusives/column.html?CID=33395 Article on Cross Site Request forgery, saying that only a solution internal-to-the-server can break the technique, and only if it's so pervasive that the attack itself becomes worthless. Sorry I'm asking you to forward, but this matters! Thanks, -Antryg