If you're going to store the user's session data as a cookie then make sure there is nothing that will be insecure if they figure out how to modify it.

Write a custom session handler which:
a) binhex the session data, and if it is less than 4K, put the actual session data into a Cookie on the user's computer. Then their session data travels with them.
b) If it's MORE than 4K, put it into memcache (or is it memcached?) on an external box, which propagates to its own clusters.
-- Michael McGlothlin Southwest Plumbing Supply
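
An added example, not part of the original message: the handler described above (hex-encode, cookie under 4K, server-side store otherwise) with a keyed tag so that a modified cookie is rejected. The HMAC-SHA256 tag, the JSON serialization, the function names, `SERVER_KEY`, and the dict standing in for memcache are all assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets

COOKIE_LIMIT = 4096                    # the 4K threshold from the message
SERVER_KEY = secrets.token_bytes(32)   # assumption: secret known only to the servers
server_store = {}                      # assumption: stands in for the memcache cluster


def _tag(value: str) -> bytes:
    """Keyed integrity tag over the cookie value (hex, 64 characters)."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest().encode()


def save_session(data: dict) -> str:
    """Return the cookie value: inline data if it fits, else a server-side id."""
    value = "c:" + json.dumps(data, sort_keys=True).encode().hex()
    if len(value) + 1 + 64 > COOKIE_LIMIT:      # room for "." and the tag
        sid = secrets.token_hex(16)
        server_store[sid] = data                # too big: keep it on the server
        value = "s:" + sid
    return value + "." + _tag(value).decode()


def load_session(cookie: str):
    """Return the session dict, or None if the cookie was altered or unknown."""
    value, sep, tag = cookie.rpartition(".")
    # Constant-time comparison; any change to the value invalidates the tag.
    if not sep or not hmac.compare_digest(tag.encode(), _tag(value)):
        return None
    kind, _, rest = value.partition(":")
    if kind == "c":
        return json.loads(bytes.fromhex(rest))
    if kind == "s":
        return server_store.get(rest)
    return None
```

The tag only detects modification; the hex-encoded data is still readable by the user, so nothing secret belongs in the inline form.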