On Tue, 2006-09-05 at 12:27 -0400, Evert|Rooftop wrote: > How can you authenticate with a cookie if you don't have something on > the server-side to match with A MAC works for this. All you need is a server-side secret key. See http://www.openfusion.com.au/labs/mod_auth_tkt/ for an example implementation. - Perrin