Hi Jay, Monday, October 10, 2005, 7:36:12 PM, you wrote: > I would think it neither safe nor practical. Once a user has logged > in having the password in SESSION would be useless. Agreed totally, I am curious as to why this question seems to get asked a LOT though. I wonder what it is that causes this? (other than inexperience) I mean there must be some common end result these developers are hoping to obtain, resulting in a password being stashed away in a session var. I wonder if they're using it (+ a username) to perform a user look-up on every page? The mind boggles. Cheers, Rich -- Zend Certified Engineer http://www.launchcode.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php