>Why don't we simply add a persistant cookie like "remember me" checbox in form, for users who don't want >to retype their login/pass ? Because a cookie is considered totally insecure. Or what do you want to store in the cookie?