[eluser]Adam Griffiths[/eluser]
[quote author="tdktank59" date="1226273053"]encypt it with the encyption key..
And or
Store only enough info and a random string use the info to start the session and the string to authenticate it
Just an idea in all cases encyption is key
And another way could be to store the username and password in the cookie with the password encypted then encypt the whole cookie with the encryption key![/quote]
This is what I was initially thinking, encrypting some portion of the data. But then that won't help against cookie stealing. I will find a way.