Hi Jason (or others,)
I am looking to do something similar to this, however, if in this instance if the user exits the browser and comes back they can just start attempting to login again as they will have cleared their session.
Do you have any suggestions as to how to make this more secure? Logging IP address of failed attempts maybe, at least one could track where they are coming from?
I am looking at this from the eyes of an ADDT user - It used to track all this - store failed attempts in the database and lock a user out for an amount of time if they did have too many attempts.
I would also track when a user logged in and from what IP address - this has come handy a number of times when I've tried to track down what user was having an issue with a web application within the secure area.
Thanks for any ideas - or why I don't need to bother is also good. :)