I generally don't like to use cookies, but I at least want to minimize the quanity for those users who set their browser to require a confirmation to each cookie.

Since I like your approach, I thought I'd feedback that I plan to combine the cookies into one using comma separation. Then I will split them back out when I read the cookie.

I'm only choosing this approach as I just finished building my entire database and scripts to manage the data in the database, and only now am learning about session management to avoid passing plain text passwords. So now the sessions will be monitored with the username an the compounded md5 hashes. I suppose I will have to go to secure http for the initial login though...

What other options are there than shttp to pass the password to the website during inital login?