Re: input on sessions vs cookies

#####ORIGINAL######
I would like your input on sessions vs cookies regarding login data like
usernames/passwords etc.
####END ORIGINAL####


  - The main difference is that cookies are stored on the client machine and
  the session is maintained on the server machine.
  - Cookies can store information for a longer period of time, even if the
  client leaves the website, whereas a session is destroyed as soon as the
  browser is closed.
  - It is not advisable to store passwords in cookies unless you
  are using a strong encryption algorithm.
  - A session can also be hijacked by getting the session ID of an
  authenticated user.
  - If you only want to use session or cookies, use both. Store the username
  in a cookie so that when the user visits your website later, you can prefill
  the username field. Store the username in the session for a small period of
  time so that when the user exits, the session is destroyed.
  - To ensure best security, use a database as well. Store IP, session ID,
  username, login time. After every few minutes you can re-authenticate the
  user against these parameters.

--
Regards
Fahad Pervaiz www.ecommerce-xperts.com
(Shopping Cart Applications, Framework
for Multilingual Web Sites, Web Designs)
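
An added example, not part of the original message: one way to implement the last point above (a database record of IP, session ID, username and login time, rechecked on later requests) in PHP. The table name, function names and sample values are hypothetical; it assumes the pdo_sqlite extension, and in a real application `$sid` would come from `session_id()` and `$ip` from `$_SERVER['REMOTE_ADDR']`.

```php
<?php
// Added example: server-side login record that later requests are checked against.
// Table and function names are hypothetical; in-memory SQLite keeps it self-contained.

function openStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_sessions (
        sid_hash TEXT PRIMARY KEY, username TEXT NOT NULL,
        ip TEXT NOT NULL, login_time INTEGER NOT NULL)');
    return $db;
}

// Called once, after the password has been verified.
function recordLogin(PDO $db, string $sid, string $user, string $ip, int $now): void {
    $stmt = $db->prepare('INSERT INTO login_sessions VALUES (?, ?, ?, ?)');
    // Assumption of this example: keep only a hash of the session ID,
    // so a leaked table does not hand out live session IDs.
    $stmt->execute([hash('sha256', $sid), $user, $ip, $now]);
}

// Called every few minutes: the request must still match the stored record.
function recheck(PDO $db, string $sid, string $user, string $ip, int $now, int $maxAge = 3600): bool {
    $key  = hash('sha256', $sid);
    $stmt = $db->prepare('SELECT username, ip, login_time FROM login_sessions WHERE sid_hash = ?');
    $stmt->execute([$key]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $ok = $row !== false
        && hash_equals($row['username'], $user)
        && hash_equals($row['ip'], $ip)
        && ($now - (int)$row['login_time']) <= $maxAge;
    if (!$ok) {
        // Mismatch or expiry: delete the record so this session ID cannot be reused.
        $db->prepare('DELETE FROM login_sessions WHERE sid_hash = ?')->execute([$key]);
    }
    return $ok;
}

// Constructed sample values (documentation IP ranges, random session ID, fixed clock).
$db  = openStore();
$sid = bin2hex(random_bytes(16));
recordLogin($db, $sid, 'alice', '192.0.2.10', 1000);
var_dump(recheck($db, $sid, 'alice', '192.0.2.10', 1300));   // same client, within max age
var_dump(recheck($db, $sid, 'alice', '198.51.100.7', 1400)); // session ID presented from another IP
var_dump(recheck($db, $sid, 'alice', '192.0.2.10', 1500));   // record already deleted by the failed check
```

Binding to the IP address also ends the session for legitimate users whose address changes mid-session (mobile networks, proxies), so the failure path should lead back to the login form.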
