[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Session sets a cookie, which only stores the session id[/quote] Which is exactly what I do with my custom method. So what is the advantage of using PHP sessions over my method? Also, I question why you have just told me at length about the issue of an attacker getting the cookie off the same computer, [b]since I made clear in my post that I was 100% aware of this.[/b] So, can I get an actual answer to the above question? I just want to make sure that there is no security or implementation issue here that I have missed, I am not looking for basic info about sessions. As far as I can see, my method is just as secure as PHP sessions. Is this correct or not? If not, why not?