WoL and hijacking sessions
1 message in this thread
Started on 2004-12-28
From: rscarpen (letterboxing@atlasquest.com)
Date: 2004-12-28 19:24:49 UTC
> Just to let everyone know The World of Letterboxing is out there and
> waiting for you to come and visit
> click here:
>
> http://www.lbworld.org/portal.php?sid=72fe3ff2913195064f06ae08f2fc0b3b
I didn't want to post about this earlier, but it looks like your
session ID has expired or you manually logged off the website, so
I'll mention it now. If you're ever on a website that has something
like sid=72fe3ff2913195064f06ae08f2fc0b3b as part of the URL, sid is
short for "Session ID". This is the special number given to you so
the website knows who you are and can track you from page to page on
the site. This is normal and virtually ALL sites have such a thing.
Usually they're hidden in cookies so you never even see your session
ID.
However, when it's pasted into a URL like that, people can hijack your
session! Session IDs typically expire after about a half hour of
inactivity. Consequently, those following the link--if you were
logged in--would find themselves logged in as you!
Probably not what you wanted to happen.
The moral of the story is--never post a link that has an sid listed as
part of the URL. It's a HUGE security risk, and I'm kind of surprised
Steve even has that option set on in the first place. But the risk
only comes about if others can learn your session id. It's like
posting your home phone number and address for the world to see. Most
people won't abuse it, but you certainly shouldn't be taking chances
doing so either.
This public service announcement was brought to you by, well... me.
=)
Happy trails!
-- Ryan
PS. Sorry, folks, but if you were hoping to hijack the session, your
time has passed. =)