note Fastolfe <blockquote><i>I will be running a cgi script on a server that will require basic authentication</i></blockquote> <p>Why not just use HTTP authentication? Generally re-inventing your own authentication system is unnecessary when HTTP has one built in.</p> <p>You might still want a cookie to maintain session state if you're anticipating that one user may log in from more than one location, but that's now a more manageable goal when authentication is removed from that requirement.</p> 200618 200618