<?xml version="1.0" encoding="windows-1252"?>
<node id="11246" title="Login and CGI security (&quot;open cookie jar&quot;) problem." created="2000-05-12 05:34:23" updated="2005-08-10 08:51:41">
<type id="1857">
categorized question</type>
<author id="11732">
QandAEditors</author>
<data>
<field name="doctext">
Let's say I log in on the browser, and click a few times here and there on the web server to do stuff. Then I get distracted and go to a webmail site to retrieve and read my mail without closing the current browser.  One of the messages has a link to an &amp;quot;evil&amp;quot; website, having malicious scripts, etc.  When I click on the link, information about which websites I had visited before, my IP, etc., will be sent to the &amp;quot;evil&amp;quot; website.  Using that data it's able to do malicious stuff on the server I visited last, since I had already logged on before.  The &amp;quot;evil&amp;quot; website will be able to send commands to the server as me!
&lt;p/&gt;
So, my question is: how do you, webmasters, solve or prevent this problem?  Is there a better way than prompting the user for their login ID and password every time they go to a restricted area on the web server, or webpage?</field>
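The scenario in the question above is what is now called cross-site request forgery (CSRF): the browser attaches the session cookie to every request it makes to the server, including requests that a page on the evil site causes it to make, so the server cannot tell the two apart by the cookie alone. The usual fix is a per-session secret (a synchronizer token) that the server embeds in its own forms and requires on every state-changing request; the evil page cannot read that token because of the same-origin policy, so its forged request arrives without it. The following Python is an added example, not code from the original post or from any particular web server. Everything in it is assumed for illustration: the in-memory SESSIONS dict standing in for a session store, the site origin "http://www.example.com", the request dicts standing in for HTTP requests, and the function names. It shows the cookie-only handler accepting the forged request beside the hardened handler rejecting it.

```python
import hmac
import secrets

# Assumed site origin; a real server would take this from its configuration.
SITE_ORIGIN = "http://www.example.com"

# Constructed in-memory session table standing in for the server's session store.
# Maps the session cookie value to the logged-in user and that session's CSRF token.
SESSIONS = {}


def login(user):
    """Create a session for user; returns (session_cookie_value, csrf_token)."""
    sid = secrets.token_urlsafe(32)
    token = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": token}
    return sid, token


def render_transfer_form(sid):
    """The server embeds the per-session token as a hidden field in its own form.
    Only a page served by the site can carry this value; the evil site cannot read it."""
    return {"action": "/transfer", "method": "POST",
            "fields": {"csrf_token": SESSIONS[sid]["csrf"]}}


def handle_transfer_vulnerable(request):
    """Cookie-only authorization: accepts any request carrying a valid session
    cookie, whether the user's own page or the evil page caused the browser to send it."""
    sess = SESSIONS.get(request["cookies"].get("session"))
    if sess is None:
        return 401, "not logged in"
    return 200, "transferred for " + sess["user"]


def handle_transfer_hardened(request):
    """Same handler with a synchronizer-token check and an Origin header check."""
    sess = SESSIONS.get(request["cookies"].get("session"))
    if sess is None:
        return 401, "not logged in"
    # The token must match the one issued to THIS session; compare in constant time.
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), sess["csrf"].encode()):
        return 403, "missing or wrong CSRF token"
    # Defence in depth: browsers send Origin on cross-site POSTs; reject foreign origins.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-site origin " + origin
    return 200, "transferred for " + sess["user"]


def demo():
    """Run the legitimate and the forged request through both handlers.
    Returns the status code each handler gave each request."""
    sid, token = login("alice")
    cookies = {"session": sid}  # the browser attaches this to every request to the site
    # Constructed request from the site's own form: cookie, token and same origin.
    legit = {"cookies": cookies,
             "form": {"amount": "10", "csrf_token": render_transfer_form(sid)["fields"]["csrf_token"]},
             "headers": {"Origin": SITE_ORIGIN}}
    # Constructed request the evil page forces the browser to make: the cookie rides
    # along automatically, but the evil page has no way to learn the token.
    forged = {"cookies": cookies,
              "form": {"amount": "1000"},
              "headers": {"Origin": "http://evil.example"}}
    # A token stolen from a different user's session must not work either.
    other_sid, other_token = login("mallory")
    forged_with_other_token = {"cookies": cookies,
                               "form": {"amount": "1000", "csrf_token": other_token},
                               "headers": {"Origin": "http://evil.example"}}
    return {
        "vulnerable_legit": handle_transfer_vulnerable(legit)[0],
        "vulnerable_forged": handle_transfer_vulnerable(forged)[0],
        "hardened_legit": handle_transfer_hardened(legit)[0],
        "hardened_forged": handle_transfer_hardened(forged)[0],
        "hardened_forged_other_token": handle_transfer_hardened(forged_with_other_token)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(name, status)
```

The point of the demo is the middle two results: the cookie-only handler returns 200 for the forged request, the hardened one returns 403, while the user's own request still succeeds without being asked for the password again. The token must be generated per session from a cryptographically secure source and compared in constant time, as above; a token that is guessable, shared across users, or readable by another site defeats the scheme. The Origin check is a second layer, not a replacement, since older clients may omit the header (the code treats a missing header as neutral for that reason).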
<field name="parent_node">
1830</field>
</data>
</node>
