I have a blogging site with custom session management mechanism. If I want somebody else to read a post and send a link while being logged in (thus the url contains session id) the user I send link to is automatically logged in my account.

Is there a way to determine if the user viewing the story (even with valid session id) is the same user who first logged into member area?

Tracking IP is not a good idea afaik, since AOL users have IP addresses dynamically changed from time to time.

Any ideas?

Thanks.