Christian,
I'll have to agree and disagree with you.
First, I agree: never trust the client. There are all manner of bad things that can be done
by the client, or done to the client, to have it expose confidential information.
Next, I'll disagree that the proposed scheme would allow an attacker easy access to
the user's password. If a secure hash (like SHA-256, SHA-1 or MD5 [which has some
issues]) is stored in the cookie it would take some extensive work (like searching an
answer space that is 2^69 big on SHA-1). I don't think hstang explicitly indicated a
secure hash, I just assumed it. The inclusion of the expiry time in the hash prevents it
from being attacked with a dictionary attack because the salt adds sufficient randomness.
On average the attacker would need to compute 2^68 secure hashes; that will take a while.
Also, for useful features like site personalization, having the user re-enter their
password each time they access the site would greatly detract from the value of the
feature. Most people just wouldn't use it.
View the original post:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018166#...
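The cookie scheme argued over in this thread, as an added example that is not code from the original post or from any JBoss project: the cookie carries the username, an expiry time, and a SHA-256 digest computed over the password together with that expiry, and the server recomputes the digest to verify it. The credential store, the `:`-separated cookie layout, and the assumption that the server holds the material the post says goes into the digest are all constructed for this illustration. The verifier rejects expired, malformed, and tampered cookies and compares digests in constant time.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample credential store (assumption: the server can reproduce
# the value the post says is hashed into the cookie).
CREDENTIALS = {"alice": "correct horse battery staple"}


def _digest(password: str, expiry: int) -> str:
    # The expiry time is mixed into the hash input, as the post describes.
    return hashlib.sha256(f"{password}:{expiry}".encode()).hexdigest()


def make_cookie(user: str, password: str, expiry: int) -> str:
    """Build the persistent-login cookie: user, expiry, and SHA-256(password:expiry)."""
    return f"{user}:{expiry}:{_digest(password, expiry)}"


def verify_cookie(cookie: str, now: Optional[int] = None) -> Optional[str]:
    """Return the authenticated username, or None if the cookie is malformed,
    expired, for an unknown user, or carries a digest that does not match."""
    now = int(time.time()) if now is None else now
    parts = cookie.split(":")
    if len(parts) != 3:
        return None  # malformed layout (assumes usernames contain no ':')
    user, expiry_str, digest = parts
    if not expiry_str.isdigit():
        return None  # non-numeric expiry
    expiry = int(expiry_str)
    if expiry <= now:
        return None  # expired: the client cannot extend it without a new digest
    password = CREDENTIALS.get(user)
    if password is None:
        return None  # unknown user
    expected = _digest(password, expiry)
    # Constant-time comparison so digest checking leaks no timing information.
    if not hmac.compare_digest(expected, digest):
        return None
    return user


if __name__ == "__main__":
    c = make_cookie("alice", CREDENTIALS["alice"], 2_000_000_000)
    print(c)
    print(verify_cookie(c, now=1_900_000_000))
```

Because the expiry is part of the hashed input, a client that edits the expiry field without also being able to recompute the digest produces a cookie the server rejects, which is the binding property the post relies on.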