in reply to
On the few semi-secure (nothing too sensitive) sites that I have worked on, we have always stored the username and crypto password in a session based cookie. This cookie would be persistant for the session only by not setting the
expires cookie variable. We would also set a longer term cookie with the username a some simple preferences, so on login the page would display as set by the user. If any changes were to be made, the user would log in and subsequent pages would look for and authenticate the session cookie.
This allows the user to have "off the cuff" preferences available but includes persistant access after login.
Hope this helps
Anyway, no drug, not even alcohol, causes the fundamental ills of society.
If we're looking for the source of our troubles, we shouldn't test people
for drugs, we should test them for stupidity, ignorance, greed and love of
--P. J. O'Rourke