User managment with cookies

Anon

Hello!

I've read quite a few articles about user managment with both sessions and/or cookies but I really haven't found one that suites me. I use ASP (yes, I have asked this question on all the ASP forums) but I don't think the programming language really matters. I just want to know the technique. This is the most difficult question:

If I store the userID and password(md5) in a cookie, I have to check if the password is correct from my database on every single "members only" page. Is there a way to avoid this??? I mean, isn't there another way of checking if the cookie is "the real thing" and that the user haven't edited/hacked the cookie in any way?

Please help!
There must be someone that has experienced the same problem!

/Tomi

Anon

Store the user's IP address in a database along with the MD5 string. Heck, you can even use the address to build the MD5 string. Anyway, then check to see that the MD5 strting matches the users. Still a query but a heck of a lot shorter.

Anon

hey, that's a thought! Didn't think of that. 🙂

Does anyone else have an even better idea?

/Tomi