I have done nothing of the sort either. Our corporate site and web applications have had to have some re-engineering done to not issue cookie straight away. That's the price of operating in the UK and I have no problem with that.

Just remember, the good guys stay good.

The bad guys are easy to pick off now at the browser or the IWF firewall.