So the user comes to the site and they're presented with a log in page. They enter they're username and password and php checks a mysql database for a matching username and password. If there is a match, it responds with 1 line found. If no match, it responds with 0 lines found. In the case of a match, php then sets a cookie on their browser with a value of 1 for authenticated and 0 for not authenticated. Every subsequent page the user views checks the status of this cookie and if it's a zero it kicks them back to the log in page. This cookie expires in 5 days and after that they'll have to log in again. I'm aware that this is terribly easy to circumvent by creating/modifying a cookie with the 1 value and the site thinks you've passed muster. What is a better way of doing this? -- DeadTOm http://www.mtlaners.org deadtom@xxxxxxxxxxxx A Linux user since 1999. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php