I asked something similar a little while ago, but didn't do a good job clarifying.
What I'm looking to do is when a user logs in, I start up the session.. I then have the registered session var to verify they are authenticated as they move throughout the site. Now, when they close the browser and come back, I want them to still be authenticated. Obviously, I have to set a cookie. But what do I set? Do I set just their user ID? The MD5 of their password? What's the most secure way, that's not easily spoofed? I don't know that much about cookies, but if I just use a user ID, couldn't someone just change that ID value and 'become' another user? Thanks for any advice, Chad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php