Alan, thanks for the post, but there is no security issue. You probably just didn't log out of FreeSwapper before you clicked the URL. In fact, FreeSwapper won't even automatically log users in. It always requires a Username / Password to log in. The link is just www.freeswapper.org with the parameter of refid attached to it. There is no way that can auto-log somebody into anything. If you were previously logged into FreeSwapper on the machine in question and you come back to the site without having logged off, you could easily be returned to where you were on the site, but you'd be logged on as the original user. It has nothing to do with who the referral came from. The email is a process that isn't even attached to the website. The URL contained in the email is just a URL. It's impossible to embed cookies, etc. in them. But thanks for the post.