Hey, I am just implementing auto-login into my site, I am doing this by extending the session to last for 30 days rather than storing the username and password in a cookie, the only thing is I am concerened about cookie grabbers, as once they have to cookie the site will think they are someone they are not, does anyone have any ideas of security, I was thinking along the lines of IP checking but that screws dial-up users over.. thanks