hello,
I've got a site which people can join up with, and then login on subsequent visits.
the problem is, the login doesn't work for a couple of people who use norton firewalls.
if their internet settings are for no cookies, then the session id gets passed in the url throughout the site while they're on it. if they are allowing cookies, it stores it on their machine, so doesn't need to pass it in the url.
so, my question is, has anyone had any similar problems with particular firewalls, and is there a solution?
i am assuming that they are allowing cookies in their internet options, so my content is being served accordingly, but then the firewall is blocking it?
any ideas would be welcome!

Could you elaborate a little more on your problem? I think I understand, but before I make myself sound like a doof, I wanted to make sure.

ok,
i've written the login and sessions stuff, and the server is set up ok i think.
Nomatter what security settings i set on internet explorer, it works fine logging me in on my machine, both at work, and at home. if i have high security, it passes the session id in the url (ie it adds ?PHPSESSID=ad23wqefwq3rq32q or whatever to each url automatically). If it's low security, allowing cookies, etc.etc, it doesn't pass this, but stores it on the users computer.

now i've had two people, both using norton personal firewall, who can't log in to the site (although it works fine when they've tried their usernames and passwords in internet cafe's etc) they fill in the login, but it just won't log them in.

i'm stuck as to why, other than the fact they're both using norton - is there something it does which fools my scripts into thinking they have low security, whilst at the same time not allowing session id's to be stored?

Hmm...have you found out if they are getting the query strings at all when they turn off their cookies?

afraid not.
I'll try to find out, but these people are not very internet-savvy.
i can't really install it all for myself, as my machine here is behind a company firewall anyway, and i don't fancy sorting all that out if it goes wrong!

*can see the horrors* Yeah, no need for you to install. Ask them if there are lots of numbers and letters next to the main part of your link, that's how I've gotten people to help me. ;)