Hello,

thank you everyone for the answers. I went through and I forgot to add one thing. The web-app is a frontend, thus basically a PL/PGSQL launcher, and all changes are audited, so a common login is unwelcome.

On Thu, May 15, 2008 at 05:40:49PM +0200, Steve Manes wrote:
> I keep the user's login credentials in a TripleDES-encrypted,
> non-persistent cookie, separate from session data.

This is the approach I am/will be heading to. Having the cookie with login and password encrypted on the user side, an HTTPS connection, and what was said in previous emails about not storing credentials in cookies, any ideas of weak sides? Moreover, if parts of decryption keys will be unique to the sessions and stored in session on a server?

PS. Apologies for going slightly OT as this is becoming more general than pgsql.

Thank you,
Bohdan
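
The design asked about above (credentials encrypted in a non-persistent cookie, with key material unique to the session and held only on the server), as an added sketch that is not part of the original message or of any poster's code. Assumptions: Node.js, AES-256-GCM swapped in for the TripleDES mentioned in the quote, the whole key (not just a part) kept per session, an in-memory `Map` standing in for the session store, and all function names hypothetical.

```javascript
// Added example: session-bound credential cookie (all names are hypothetical).
const nodeCrypto = require("node:crypto");

// Constructed stand-in for the server-side session store.
const sessions = new Map();

// The random per-session key is created and kept on the server only.
function createSession() {
  const sid = nodeCrypto.randomBytes(16).toString("hex");
  sessions.set(sid, { key: nodeCrypto.randomBytes(32) });
  return sid;
}

// Cookie value = base64url(nonce | tag | ciphertext). The session id is bound
// as associated data, so the cookie is rejected under any other session.
function sealCredentials(sid, login, password) {
  const { key } = sessions.get(sid);
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(sid));
  const body = Buffer.concat([
    cipher.update(JSON.stringify({ login, password }), "utf8"),
    cipher.final(),
  ]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString("base64url");
}

// Returns {login, password}, or null when the session no longer exists or the
// cookie was modified or was issued for a different session.
function openCredentials(sid, cookie) {
  const session = sessions.get(sid);
  if (!session) return null;
  const raw = Buffer.from(cookie, "base64url");
  if (raw.length < 28) return null; // too short for a 12-byte nonce + 16-byte tag
  try {
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", session.key, raw.subarray(0, 12));
    d.setAAD(Buffer.from(sid));
    d.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null; // authentication failed: never return partial plaintext
  }
}

// Logout or expiry: once the key is dropped, a captured cookie cannot be decrypted.
function destroySession(sid) {
  sessions.delete(sid);
}
```

While the session is alive, anything that can read both the cookie and the session store can still recover the password, so the cookie should also be sent with the `Secure` and `HttpOnly` attributes.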