Hi, I think that the simplest back-end is a PHP with session handling. On the client side you shouldn't do anything as browsers deal with sessions.
Start reading from here: http://au.php.net/manual/en/book.session.php The idea is that server should ask browser to start a session for every connection. Then server checks that this session has been authenticated, if yes - proceed with request handling. If session has not been registered(authenticated) - tear down the connection. And then, finally - how to authenticate the session. Check login credentials in the database, if they are OK - register session. In PHP it means that you have to declare some variable which will be associated with this session (until it expires). $_SESSION[LOGIN]="OK" is fine enough. This is just a rough idea of the process - there are plenty of details you should pay an attention. Cheers, Dmitri. --- In flexcoders@yahoogroups.com, "timgerr" <[EMAIL PROTECTED]> wrote: > > I was wondering how people create a secure login system. Do you use a > php back end or what? How do you handle sessions and or cookies? > > Thanks for the info, > timgerr >