This site has a few articles that explain to us that sessions are harmful, so I removed all the sessions on my site and used alternatives to replace them. <BR><BR>I use a cookie to keep track of whether an user has logged in or not. I didn't specify the expire period, so the cookie won't be stored in the Cookies folder of the user PC. I felt safe as I thought that the user couldn't edit the cookie until I've read an article from CNET (please refer below).<BR><BR>"The problem with session state management is that it is fundamentally insecure. A hacker can intercept the cookies, form values, or URLs that are used to manage the session state when they are passed back and forth between browser and server. Once intercepted, the hacker can then use this information to take over the user's session." -- http://www.builder.com/Programming/Scripter/013100/?tag=st.bl.3880.tpg.bl_sscol<BR><BR>Can someone explain to me what's the best way (session or cookie) to authentic users? Thank you.