I've written an opt-in, or double opt-in... (depending on how each person defines it!)... newsletter subscription script for my site.

It contains the usual features to help prevent spamming accusations:

1) User submits email address.

2) Your code sends an email to the address, requesting that the user click the custom link to verify his/her email address. This also verifies that the user who holds the email account, is the one requesting to be added to the newsletter database.

It is obvious why many don't write ASP scripts that use cookies to store a unique ID and the user's email address.

But with sessions variables, the ASP session timeout often doesn't work properly. Meaning, the user will have about 20 minutes to respond to the opt-in email.

The question is: How concerned would you be about losing subscribers if they're having to subscribe, re-subscribe, re-re-subscribe, etc., ... due to the fact that many won't immediately check their emails to complete the subscription process?