I'm about to implement this, and I'm thinking of storing the user's id and their hashed password in the cookie after a successful authentication. can any see an obvious security issue with this? I know the method is vulnerable to cookie theft but am i missing anything? thanks alan