Newly registered users getting access before account approved
I've got a double opt-in system set up where user_status is set to 0 on registration, an email goes to my client and they have to approve the user. This all works, but I've discovered a glitch - straight after the user registers, if they then click on the Members Area link they can access the protected page even though they haven't been approved yet. However if they then logout and back in again, or close the browser, they can't login again until their account has been approved. Any idea what might be causing this?
UPDATE - managed to fix it - the registration page was setting a session cookie for SecurityAssist ID and the secure pages were allowing access if an ID exists. Renamed the session cookie and now all working as it should.