Hmmm, I read the other replies to this question, and to use the servers own authentication modules is probably the best way to go. However, if daemonchild still wants to use cookies, maybe the REFERER variable could be of some use? Or is that stupid? Can it be abused? (Hmm, well OK.. it most certainly can be abused. Just write your own snarf/wget/curl type thingy and set the REFERER variable to the 'correct' value, and you're in. Forget this comment, please. :] )