Hi, Im creating a e-commerce web site for my company, and I have a question about how I would go about doing something, if there is a way...<BR>I put a cookie on a customer&#039s computer to log them in when they come to the site. If someone were to access this cookie they could log in as this user, because it includes their username and an encripted password, and my web site would recognise this as that user and log them in, even if it weren&#039t really them and someone just changed their cookie to be a copy of someone else&#039s. First, is there a way to get around this and make sure the user is really who their cookie says? Second, if there isn&#039t, is there a way that I could still protect that user&#039s credit card information from the fake person (who copied someone else&#039s cookie) without asking for a password from the user? I think Amazon does this somehow, or do they ask for a password to access credit card information?<BR><BR>Thanks,<BR>Ryan Wright<BR>Ry989@hotmail.com