Addendum: to original post I can change the ?userid=$userid if there's an easier way to do it but I haven't been able to figure that out yet. ----- Original Message ----- From: Steph To: [EMAIL PROTECTED] Sent: Wednesday, July 11, 2001 5:45 PM Subject: Security and Cookies A friend of mine needs help, we are both PHP newbies. Here's her prob: I have user authentication program that uses mySQL to store the username/password and other information that they entered when they registered. The secured pages use ?userid=$userid at the end of the page name to designate who the user is. (example: main.php?userid=admin) I want to make this more secure so that you can't just type the example in and have access to the admin files (or type in someone's username and have access to their files). I'm using a cookie right now but I'm having troubles with it because you have to refresh the main page every time you login or it says that you're not a valid user. Steph
