I am making a user login system and I thought a way to make a session/cookie more secure I could store the users password encoded with sha1 and verify it. So for example when the user logged in I would make 2 sessions like so: [code]$_SESSION['user_id'] = $user_id; $_SESSION['secure_hash'] = $user_sha1_password;[/code] Also if the user selected to automatically login I created 2 cookies: [code]setcookie("autologin_userid", $user_id, time() + 31536000, "/Example", "example.com", 0); setcookie("autologin_secure", $user_sha1_password, time() + 31536000, "/Example", "example.com", 0);[/code] Then I would check the stored hashed password from cookies/sessions with the one that was stored in the database. Now is this actually making my system more secure than if I just stored the user's id in the session/cookie or is it making it less secure? Thank you!