<blockquote id="quote"><font size="1" face="verdana, arial" id="quote">quote:<hr height="1" noshade id="quote">Originally posted by Rob
As session variables are stored in cookies.... would it not be very easy for someone who knew what they were doing to 'fake' a valid login by just simply messing with the cookie?
I would always store user / pass in an encrypted form in either session, or cookies and check user / pass from that location on each page.
Anything else, is just open to abuse.
I stress though, you should encrypt the session / cookie data.
That'll be 12 cans of Grolsch for me please!! :wink:<hr height="1" noshade id="quote"></font></blockquote>
Yep, will look into this when I get me head around the whole 'Sessions' thing...only 12 cans? Shame on you