Use sessions. Create a user_id and pass that as a session variable rather than the user's actual login and password.
-----Original Message----- On my site, when a user logs in, their password is encrypted using md5() and the username and encrypted password is then passed from page to page using hidden form inputs (clicking on a link submits the form using POST). Does anyone have any comments on this method e.g. security wise? I know I could use sessions or cookies but is it relly necessary? **************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php