Many sites that I&#039ve visited use some kind of scheme to remember the users that visit them and log them on automatically when they return. I&#039ve seen this implemented in various ways, but I&#039m not sure which, if any, is the best. <BR><BR>1) Storing the User ID and Password in a cookie: In my opinion this is not an acceptable solution because anyone that can access the client has access to the passwords. Encrypting the password is better, but most threads on this subject still say to avoid this.<BR><BR>2) Storing the User ID only in a cookie: This method assumes that a user can not manually alter a cookie on their machine to impersonate another user. I&#039ve tried it, and altering a IE cookie manually appears to render it useless. Is this true and if so, how secure is it?<BR><BR>3) The method I came up with is to store the UserID and lastvisit date in a cookie, and also store the same lastvisit date for the user in the database. When the user accesses the site, the code gets the compares the lastvisit date in the cookie with that on the database for the user. If its the same, they get logged in. The problem with this is that it gets messed up when users access the site from different clients. <BR><BR>Has anyone come up with better solutions? Thanks,<BR><BR>--bob