> Always, always, always use a value that has no other significance other > than being a unique ID. Email addresses change and so do passwords, so > those are poor choices for linking data. They are fine and good choices > for login, but that's about the only thing they should be used for. I understand what your saying, but if I just use the ID, then it makes it extremely easy to login as another user, simply change the ID in your cookie. Atleast if I have email/password aswell it takes someone with access to the network and a sniffer to get the values. If a user changes his email and/or password, then the cookie gets updated, simple. I can't see that its that much of an issue. If we were talking about a credit card number or something else critical then I'd agree. Jim. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
