Guys, I completely love this discussion about cookies. You have really enlightened me.
I think that letting users store cookie info in a manner that is secure (involves both encryption and some form of authentication), instead of storing them in a table, could possibly result in a very substantial reduction of database use.

The cookie is
1) Encrypted string that I want and
2) MD5 of that string with a secret code appended that the users do not know, which serves as a form of signing.

That should work. I will not change it now, but will do if I get 2x more traffic. That way I would need zero hits to the database to handle my users' sessions. (I only retrieve account information when necessary.) As far as I remember now, I do not store much more information in a session beyond username. (I hope that I am not wrong.) So it should be easy.

Even now, I make sure that I reset the cookie table only every several months. This way I would let users stay logged on forever.

Thanks a lot.

Igor
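The signing half of the scheme described in the post above, as an added example that is not part of the original message: a session cookie that the server can verify without a database lookup. It assumes a JSON payload and hypothetical function names, uses HMAC-SHA256 (the standard keyed-hash construction) in place of MD5 over the string with the secret appended, and leaves out the encryption step because the Python standard library has no cipher, so the username is signed but readable.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real deployment loads a long random secret from config.
SECRET_KEY = b"constructed-demo-secret-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(body: str, key: bytes) -> str:
    # Keyed MAC over the exact cookie body; only holders of the key can produce it.
    return _b64(hmac.new(key, body.encode("ascii"), hashlib.sha256).digest())

def make_cookie(username, key=SECRET_KEY, now=None):
    """Build 'payload.tag' where payload carries the username and issue time."""
    issued = int(time.time() if now is None else now)
    body = _b64(json.dumps({"u": username, "iat": issued}).encode("utf-8"))
    return body + "." + _tag(body, key)

def verify_cookie(cookie, key=SECRET_KEY, max_age=None, now=None):
    """Return the username, or None if the cookie is forged, malformed or too old."""
    try:
        body, tag = cookie.split(".")
        # Check the MAC before parsing anything; compare in constant time.
        if not hmac.compare_digest(tag.encode("utf-8"), _tag(body, key).encode("ascii")):
            return None
        data = json.loads(_unb64(body))
        username, issued = data["u"], int(data["iat"])
    except (ValueError, KeyError, TypeError):
        return None
    current = time.time() if now is None else now
    # max_age=None means the cookie never expires, as the post intends.
    if max_age is not None and current - issued > max_age:
        return None
    return username

if __name__ == "__main__":
    cookie = make_cookie("igor")
    print(cookie, "->", verify_cookie(cookie))
```

Because the issue time is inside the signed payload, an expiry can be enforced later by passing `max_age` without touching a table.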