Yep that would work, but you have to be concerned about what links they click on after they visit that node. There's some similar code in the cas_init hook for my cas module (to back door log into the user), so I know that can be done easily. Would be trivial if you store $user->name of the peek user in your tables, just a call to user_load(). One strategy: peek/<uid>/<md5 hash> then determine the rest from background tables. The timestamp doesn't really y provide anything, unless you're using it to generate the hash. The rest could be determined by background tables. Remember that if you don't use the hash in the node access tables, then users will be able to click on other links on the page and get permissions until they log out. IF you're really trying to limit them to a single node, you should try and tackle node access. Dave -----Original Message----- From: development-bounces@drupal.org [mailto:development-bounces@drupal.org] On Behalf Of Alan Dixon Sent: Friday, February 16, 2007 12:48 PM To: development@drupal.org Subject: [development] temporary access module Hi drupalites: I've been working on a little module i'm calling 'peek' and just wanted to check in on duplication of efforts, existing wisdom, etc. The client wants to be able to create a page, and then fire off a bunch of emails to people who may or may not have accounts, allowing them to access the page temporarily. So an administrator needs to be able to generate a semi-secret url (like the ones generated by the user module) that would give someone temporary access to a single node page. After struggling with the node_access stuff for a while, i realised that i probably want to sidestep the usual permissions by providing access to the node page via a callback anyway. So the url i'm generating looks like '/peek/<uid>/<timestamp>/<hd5 hash>' and my peek table keeps track of things like the corresponding nid, when it was generated, how long it's valid for, when it was first accessed, and how long it remains valid after first access. I've also got a helper function to generate new users for email address that don't already have a user. When the link is generated, the user gets authenticated to this uid. That way all subsequent activity is connected to their userid for tracking purposes. Thoughts anyone? -- Alan Dixon, Web Developer http://alan.g.dixon.googlepages.com/