I have spent a bit of time learning php sessions and I am doing a login script.

Please just post a quick answer 1,2,3 as to what you think I should do.

Any comments will be appreciated also.

(1) Anyone who stops cookies will suffer on my site as they will not be able to log in etc.

(2) Use session.use_trans_sid but be ready for security breaches.

(3) Another option (please tell me.)

Thanks for your votes / help.

do this, in the session:

/* Create new session
session_start();
/* Save our data */
$_SESSION['IP']=$_SERVER['REMOTE_ADDR'];
$_SESSION['User']=$_POST['User'];
$_SESSION['Pass']=md5($_POST['Pass']);
$_SESSION['Encrypt']=md5($_POST['User'].$_POST['Pass']."PUTASECRETCODEHERE");


/* Check login on other pages but first make sure IPs match the session */
if($_SESSION['IP']==$_SERVER['remote_addr']){
if(md5($_SESSION['User'].$_SESSION['Pass']."PUTASECRETCODEHERE")==md5($sqlArray['User'].$sqlArray['Pass']."PUTASECRETCODEHERE"))
{
echo "Welcome, back!";
}
}