Hi Alex - cheers for the response.

Erm, I'm a little confused...

So a session variable runs for the course of the session presumably, i.e. until the user closes their browser window?

I understand the principle of the username and password in a table that I can then match with the login details that are posted, but what about the session column, what does that do?

The random number thing has thrown me a little too.